jeansnkicks / eventlog-to-syslog Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/eventlog-to-syslog
Automatically exported from code.google.com/p/eventlog-to-syslog
Hi Sherwin,
Would it be possible to enhance eventlog-to-syslog to support an additional 2
LogHosts, total of 4?
I understand that currently only two loghosts are supported.
Would you have a workaround for this? Will you add this to your next update?
Why the need to support 4 loghosts?
One set is for operational use, the other set is for auditing purposes. Both
are redundant.
Best regards,
Mark
Original issue reported on code.google.com by [email protected]
on 9 Mar 2011 at 12:26
Hi!
Is there an possibility to use the local hostname instead of the IP-adress in
the sended syslog message?
josef
Original issue reported on code.google.com by [email protected]
on 18 Nov 2010 at 8:13
Is eventlog-to-syslog RFC3195 compliant? Meaning - can the service be
configured to forward the events with TCP instead of UDP?
Thanks in advance
Regards
Claus
Original issue reported on code.google.com by [email protected]
on 8 Jul 2010 at 1:07
Is possible to add the ability to keep the logs stored in cache in case of fail
of the centralize syslog server?
Many thanks
Roberto
Original issue reported on code.google.com by [email protected]
on 31 Aug 2010 at 5:37
We'd like to feed the event logs into a SIEM. In order to do correlation, the
SIEM needs the IP address (or a resolvable hostname) and using %COMPUTERNAME%
doesn't get us there. The attached patch will find the first IP address on the
system and use that in the syslog message. If the IP is resolvable to a FQDN,
then that will be used. This feature is optional by specifying the command line
option "-a" when installing the service.
Original issue reported on code.google.com by jeff.murphy
on 20 Jul 2011 at 5:53
Attachments:
http://ntsyslog.sourceforge.net/
The above tool, which no longer seems to be being developed, is capable of
mapping various event types to different syslog facilities. For instance,
Security events go to the auth facility, rather than mapping everything to
daemon or whatever. Could something like this be added to this software? It
would make further processing by something like syslog-ng, logwatch, etc. much
nicer.
Thanks,
Brian
Original issue reported on code.google.com by [email protected]
on 10 Nov 2010 at 10:17
What steps will reproduce the problem?
1. Install on 2k8
2. Observe performance when size goes above 50 megabytes
What is the expected output? What do you see instead?
Evtsys uses the EvtQuery API call in 2008, which means that it searches the
entire log file every five seconds based on the query. This causes massive
performance problems. A better solution is to use the EvtSubscribe API call to
be notified about new events as they come in.
What version of the product are you using? On what operating system?
Latest from SVN on Windows Server 2008 R2.
Please provide any additional information below.
Here's the API doc for EvtSubscribe:
http://msdn.microsoft.com/en-us/library/aa385487%28v=vs.85%29.aspx
Original issue reported on code.google.com by [email protected]
on 13 May 2011 at 7:20
What steps will reproduce the problem?
1. Not sure, seems to be somewhat random
2. But, currently have several Windows 2003 servers exhibiting problem
3. And several, using the same exact install, that don't exhibit the problem
What is the expected output? What do you see instead?
The expected hostname is "HOSTNAME", in the log message. Instead, there seems to be an extra space, and the log message displays " HOSTNAME" in it's place, and I can't seem to get rsyslog to match the hostname correctly. Sometimes the hostname appears correctly, such as in the service startup messages, like 'Eventlog to Syslog Service Started: ...', but most of the time, for example, when it's a 'Security:' message, the extra space/non-printing character appears in the message.
What version of the product are you using? On what operating system?
Evtsys version: 4.3, both 32-bit and 64-bit
OS: MS Win Server 2003 Enterprise Ed, SP2 (32-bit); MS Win Svr 2003 R2, 64-bit
Std Ed, SP2;
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 29 Jul 2010 at 6:43
What steps will reproduce the problem?
1. Using 64bit Version of evtsys
2. Copying evtsys.exe and evtsys.dll to C:\Windows\System32
3. executing command "evtsys -i -h <IP-address>"
What is the expected output? What do you see instead?
Instead of installing, i get the following:
C:\Windows\System32>evtsys -i -h <IP>
Checking ignore file...
Jan 14 17:51:45 ATVIESV051 Error opening file: evtsys.cfg: The system cannot
find the file specified.
Jan 14 17:51:45 ATVIESV051 Creating file with filename: evtsys.cfg
Jan 14 17:51:45 ATVIESV051 File could not be created: evtsys.cfg: Access is
denied.
Jan 14 17:51:45 ATVIESV051 File Check Failed!!!
Command did not complete due to a failure
I tried to manually create the evtsys.cfg file, but also did not help:
C:\Windows\System32>evtsys -i -h <IP>
Checking ignore file...
Jan 14 17:54:35 ATVIESV051 Cannot initialize access to registry:
"Software\ECN\EvtSys\3.0": The operation completed successfully.
Command did not complete due to a failure
What version of the product are you using? On what operating system?
evtsys 4.4 64bit ono Windows Server 2008 R2 64bit
Please provide any additional information below.
Any help would be appreciated...
Greetz,
G.
Original issue reported on code.google.com by [email protected]
on 14 Jan 2011 at 4:57
What steps will reproduce the problem?
1. Copy the 4.4.1 executables to the system32 directory
2. Run evtlog.exe -i -h [host] -l 4
What is the expected output? What do you see instead?
Expected: Service created.
Result: Bad level: 4 Must be between 0 and 3
What version of the product are you using? On what operating system?
4.4.1 on Windows 7
Please provide any additional information below.
Just now looking at using the program. Assuming 4 is less verbose than 0, this
is what my organization is looking at using.
Thank you
-Brian
Original issue reported on code.google.com by [email protected]
on 7 Apr 2011 at 8:49
Hello
Is possible add an additional field in the record log that i send to DB.
The field must be of type string, and customizable for each client.
Tahnks in advance
Original issue reported on code.google.com by [email protected]
on 27 Aug 2010 at 4:01
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 29 Jun 2010 at 4:10
What steps will reproduce the problem?
1. Build with VS2010++ Express
2. Debug
What is the expected output?
Application starts normaly.
What do you see instead?
AccessViolation occurs.
What version of the product are you using? On what operating system?
Latest 4.0 on Windows XP
Please provide any additional information below.
It seems to be a problem with the timestamp variable. Removing the declaration
and replacing it in Global Space with:
char timestamp[16];
Allows the application to start.
Original issue reported on code.google.com by [email protected]
on 7 Dec 2010 at 3:47
What steps will reproduce the problem?
1. Standby the computer
2. Turn on the computer
3. Show service.msc, "Eventlog to syslog" service is not running
What version of the product are you using? On what operating system?
I tested the last version 4.4.2 on Windows Seven Pro 64 bits.
Original issue reported on code.google.com by [email protected]
on 15 Oct 2011 at 10:56
What steps will reproduce the problem?
1.evtsys.exe -i -h hostname.domain -l 0
2.
3.
What is the expected output? What do you see instead?
Server receive all logs (Application, System, Security) to same facility
(daemon).
What version of the product are you using? On what operating system?
version 4.4.2 , Windows XP 32-bit
Please provide any additional information below.
I could not install more than one facility through the key "-f". So I left the
default value (3).
Is it possible to split logs, for example System log to daemon facility;
Security to security/authorization facility; application log to user-level
facility; etc?
Original issue reported on code.google.com by [email protected]
on 7 Jul 2011 at 4:35
What steps will reproduce the problem?
1.All messages from german servers have priority notice.
2.On english servers the priority depens on the eventlog.
What is the expected output? What do you see instead?
If logons fails on german dcs, i need a priority err.
Instead all messages have priority notice.
What version of the product are you using? On what operating system?
Evtsys_4.3.1_64-Bit
Original issue reported on code.google.com by [email protected]
on 11 Oct 2010 at 3:59
When I run evtsys.exe in debug mode I create events in separate console window.
When I create event like this: eventcreate /t error /l system /id 100 /d
"desc", i get message: "error getting message string for RecordID ... the
message resource is present but the message is not found in string/message
table."
for some reason it can not read event message.
Another issue is that program cannot recognize event when I create it like
this: eventcreate /t error /l application /id 100 /d "desc", (application
event) then I get no output.
I am running program on win 7, 32 bit..
Original issue reported on code.google.com by [email protected]
on 6 May 2011 at 12:38
What steps will reproduce the problem?
1. A Windows 2008 server has print service started
2.
3.
What is the expected output? What do you see instead?
The Admin/Operational logs under "Application and Services
Log"->"Microsoft"->"Windows"->"PrintService" didn't send to the syslog server.
What version of the product are you using? On what operating system?
Windows 2008 R2 64bit. Syslog server: Centos 5.5
Please provide any additional information below.
Many thanks for your time!
Original issue reported on code.google.com by [email protected]
on 15 Apr 2011 at 7:25
What steps will reproduce the problem?
1. Run on cleanly installed Windows 2008 host.
2. See that registry keys are clearly missing on Windows 2008.
What is the expected output?
$thedate $host Microsoft-Windows-Security-Auditing: xxxx: An account was
successfully logged on. Subject: Security ID: S-x-x-x Account Name: - Account
Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security etc etc.
What do you see instead?
"Cannot find message file key for "SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Security-Auditing""
What version of the product are you using? On what operating system?
v4.4: 64bit on Windows 2008 (not R2)
Please provide any additional information below.
This is only an issue on Windows 2008. Windows 2008 R2 doesn't have this
problem.
Original issue reported on code.google.com by [email protected]
on 13 Dec 2010 at 9:59
An enhancement would be to have a "Ping before send" option in case the syslog
server is temporarily down or otherwise unavailable. This means that the
evtsys.exe sets a pointer in the evt/evtx logfile and starts reading from that
position as soon the syslog server comes back up.
Original issue reported on code.google.com by [email protected]
on 16 Nov 2010 at 11:12
Hi,
I would like to recieve 1 syslog message per event log message.
Currently I'm getting:
2011-07-27T14:52:42.041701+02:00 192.168.20.55 [...] ▒#010#022▒#036L<29>Jul
27 14:52:59 xxx xxx: Security-Auditing: 4673: [...]<29>Jul 27 14:52:59 xxx xxx:
[...]<29>Jul 27 14:52:59 xxx xxx: Security-Auditing: 4648: [...]
I would like to receieve one line per Event.
Thanks!
morphium
PS: I'm using TCP
Original issue reported on code.google.com by [email protected]
on 27 Jul 2011 at 12:56
What steps will reproduce the problem?
1. Restart Eventlog to Syslog service
What is the expected output? What do you see instead?
Syslog should only receive new events, instead over 2000 events from the past
month up to today are sent every time the service restarts.
What version of the product are you using? On what operating system?
Version 4.4 (64-bit) on Windows Server 2008 R2 Enterprise
Please provide any additional information below.
Uninstalling/reinstalling the service and rebooting the server does not affect
the behavior. The same 2000 events are sent each time I restart the service or
the server.
Events are thrown beginning 05/19 through 06/16 (today). We have this software
on several identical servers that do not exhibit this behavior. This started
last night after the latest round of windows updates, but again, only on this
one machine.
Original issue reported on code.google.com by [email protected]
on 16 Jun 2011 at 7:00
Hello,
I am currently testing evtsys and it seems to work fine.
As a enhancement, are you planning to add a disk buffer feature, to preserve
data in case of TCP connection problems?
Thank you,
Pierluigi
Original issue reported on code.google.com by [email protected]
on 6 May 2011 at 9:02
An enhancement would be to support TCP delivery to avoid syslog messages
getting lost in transit, or sending to an offline syslog server.
Original issue reported on code.google.com by [email protected]
on 16 Nov 2010 at 11:13
Rather than having two flags two different logservers, please have a single
flag that takes a comma delimited list of logservers. This would allow for more
flexibility in wide deployments.
Thanks,
Ben
Original issue reported on code.google.com by [email protected]
on 25 Oct 2011 at 7:21
What steps will reproduce the problem?
1. Running "evtsys.exe -d" on windows 2008 machine. Ignore file is default
(nothing is ignored)
(32-bit)
Jun 1 05:35:32 WIN2K8VMSGREGOI Flags: LogLevel=0, IncludeOnly=False, EnableTcp=
False, IncludeTag=False, StatusInterval=0
2. Generating events using
logevent -s E -c 3 -r "Hi this is a test" -e 42 "This is a message"
3. Events gets successfully sent to syslogd, as expected.
4. Stopping "evtsys -d" and then "net start evtsys".
5. Re-generating same logevent commands. Problem is that the same events are
not trapped in service mode.
What is the expected output? What do you see instead?
Whatever is trapped in the debug mode should be trapped when run as a service?
Using the same ignore file and same settings in the registry?
What version of the product are you using? On what operating system?
Latest (4.4.1)
Please provide any additional information below.
Tried setting a service account on the service, still does not work.
Original issue reported on code.google.com by stephanegregoire
on 1 Jun 2011 at 12:37
What steps will reproduce the problem?
1. We want to use Chineses Traditional syslog file to syslog server(Kiwi syslog)
2. English is OK. But Chineses Traditional is not OK.(Not readable)
What is the expected output? What do you see instead?
i can't read the syslog and have no idea how to solve this problem
What version of the product are you using? On what operating system?
Windows 2008 server、evtsys 4.2.0 - 32bit、kiwi Syslog v9.1
Please provide any additional information below.
Windows 2003 server evtsys 4.2.0 still can't readable
Original issue reported on code.google.com by [email protected]
on 9 Jun 2010 at 11:11
It would be great to have evtsys packaged as a MSI files instead of .zip-files,
so that it could be more easily be distributed via standard Windows software
deployment tools (such as SCCM).
Original issue reported on code.google.com by [email protected]
on 12 Apr 2011 at 12:59
I've been running this on a multitude of servers here and installed the
service the same way on each.
However, after checking my syslog server, I'm not getting anything except
for security logs from my windows servers... is there a reason for that?
Original issue reported on code.google.com by [email protected]
on 27 May 2010 at 8:18
This is a great utility, but I'd LOVE to see it be RFC 3164 compliant. It's
almost there, really; the biggest issue is spaces in the TAG field, and the
lack of a hostname.
Original issue reported on code.google.com by [email protected]
on 4 Feb 2010 at 10:59
Hi Sherwin
I tried to install the program (evtsys) in Windows 7 and I saw that there are
two errors (maybe bug):
1 - If you enable the option -n (-n Include only Those events specified in the
config file) and add in evtsys.cfg:
*************
Security-Auditing: 4624
Security-Auditing: 4634
Do not send anything to syslog server!!!!
2 If the option -n is not active (-n Include only Those events specified in the
config file)
evtsys send twice the same record to syslog server
4624 event ....
4624 event ....
Please help me
Thank you so much
Roberto
Original issue reported on code.google.com by [email protected]
on 8 Jan 2011 at 12:04
It would be great to have the ability to filter client side which messages to
send and which to ignore.
I´d really hope to ignore specific events with regexed tags on client side
already.
Like:
Ignoring all users with '%$' that come from events 4624, 4634, 538, 540.
I´m looking at horrendous network traffic and SQL operations right now - all
for events that are essentially of no value to anyone.
regards
Original issue reported on code.google.com by [email protected]
on 19 May 2011 at 9:20
What steps will reproduce the problem?
1. Installed the 64 bit version on Windows 2008 R2 Server into the
\Windows\System32 directory
2. Installed the service via:
evtsys -i -h 172.18.1.59
3. From the command line
net start evtsys
What is the expected output? What do you see instead?
Logs to be sent to the Fedora 14 syslog-ng server. No logs are sent.
What version of the product are you using? On what operating system?
Windows 2008 R2 64 bit
Fedora 14 Syslog-ng server 64 bit
EvtSys 4.4 64 bit
Please provide any additional information below.
HKLM\Software\ECN\EvtSys\3.0
Default = not set
Facility = 3
IncludeOnly = 0
LogHost = 172.18.1.59
LogHost2 =
LogLevel = 0
Port = 514
QueryDhcp = 0
StatusInterval = 1
Running via evtsys -d -h 172.18.1.59 I get the following every minute:
Feb 1 14:50:00 SHAREPOINT2010 Eventlog to Syslog Service Started: Version 4.4
(64-bit)
Feb 1 14:50:00 SHAREPOINT2010 Flags: LogLevel=0, IncludeOnly=False,
StatusInterval=1
Feb 1 14:50:55 SHAREPOINT2010 Eventlog to Syslog Service Running
Feb 1 14:51:56 SHAREPOINT2010 Eventlog to Syslog Service Running
Feb 1 14:52:57 SHAREPOINT2010 Eventlog to Syslog Service Running
Feb 1 14:53:59 SHAREPOINT2010 Eventlog to Syslog Service Running
Feb 1 14:55:02 SHAREPOINT2010 Eventlog to Syslog Service Running
Original issue reported on code.google.com by [email protected]
on 1 Feb 2011 at 4:09
What steps will reproduce the problem?
1. Run evtsys IncludeOnly=False
2. LogLevel=0
3. Run debug to view ignored events
What is the expected output? What do you see instead?
Login failures should be sent to syslog. Instead they're dropped.
IGNORING_EVENT: SOURCE=Security & ID=529
What version of the product are you using? On what operating system?
v4.4 on XPsp3
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 12 Feb 2011 at 1:34
I'd like to be able to install this app in a path other than in the system32
directory. (I always wary of sticking executables in that dir). When I had it
in a separate directory and installed it, the path was hard coded to the
system32 directory and not the path where it was executed from.
Original issue reported on code.google.com by [email protected]
on 15 Apr 2011 at 11:34
Aug 2 10:44:00 P Security: 593: P\Administrator:
宸茬粡閫€鍑烘煇杩囩▼: 杩囩▼ ID: 980 鍥惧儚鏂囦欢鍚?
C:\mrtg-2.16.2\bin\rateup.exe 鐢ㄦ埛鍚? Administrator 鍩? P 鐧诲綍 ID:
(0x0,0x10D07)
Original issue reported on code.google.com by [email protected]
on 2 Aug 2010 at 2:54
Is possible to set the priority as "ETC" "WARNING" "NOTICE" etc when i start
evtsys?
Original issue reported on code.google.com by [email protected]
on 6 Jul 2010 at 10:19
What steps will reproduce the problem?
1. We want to use Korean syslog file to syslog server(Kiwi syslog)
2. English is OK. But Korean is not OK.(Not readable)
What is the expected output? What do you see instead?
- If I use UTF-8, it should be OK.
What version of the product are you using? On what operating system?
- Windows 2008 server and evtsys 4.1.0 - 32bit.
Please provide any additional information below.
- Windows 2003 server and Windows 7 and evtsys 4.1.0 go well.
Original issue reported on code.google.com by [email protected]
on 8 Feb 2010 at 5:18
What steps will reproduce the problem?
1.Export all application logs to syslog-ng
2.Export all System logs to syslog-ng
3.
What is the expected output? What do you see instead?
I have MS SQL logs in application which are not being logged to Syslog-ng. I
would like to have these logs in syslog including failed, Error and success
logs. This is will enable me to filter the logs and send e-mail Alerts. Sorry
if there is a solution for this already but I don't know how to configure it.
By the way where is the configuration file? This is the only thing I could find.
'!!!!THIS FILE IS REQUIRED FOR THE SERVICE TO FUNCTION!!!!
'
'Comments must start with an apostrophe and
'must be the only thing on that line.
'
'Do not combine comments and definitions on the same line!
'
'Format is as follows - EventSource:EventID
'Use * as a wildcard to ignore all ID's from a given source
'E.g. Security-Auditing:*
'
'In Vista/2k8 and upwards remove the 'Microsoft-Windows-' prefix
'**********************:**************************
What version of the product are you using? On what operating system?
4.4.1 (64-bit) on Windows Server 2008.
Please provide any additional information below.
I want to use this for PCI DSS project. I want to get logs for Security,
Application and System. I want to pass all the logs from those locations to
syslog-ng.
Original issue reported on code.google.com by [email protected]
on 13 Apr 2011 at 4:32
I'm running Version 4.4. Although it is possible to increase the message size
limit with rsyslog and syslog-ng, it seems that evtsys is truncating messages
that are larger than 1024k.
Is there a possibility to get rid of this limitation?
Original issue reported on code.google.com by [email protected]
on 1 Feb 2011 at 4:56
Is there any way to use wildcards in the config file? Or is there a better
recommended way to exclude a few hundred different entries without creating
a line for each one?
Original issue reported on code.google.com by [email protected]
on 19 May 2010 at 10:07
The maximum message size for a syslog message is normally 1024 bytes.
Some syslog implementations like rsyslogd will accept larger message sizes if
told to even though it's not according the standard.
Request: A way to change the max message size without recompiling the program.
Original issue reported on code.google.com by [email protected]
on 13 Dec 2010 at 10:03
I'm testing eventlog-to-syslog, and it looks very interesting - thanks.
However, the evtsys.exe seems to be listening on an UDP port. Why is that? May
be the documentation should mention it.
Original issue reported on code.google.com by [email protected]
on 12 Apr 2011 at 11:50
What steps will reproduce the problem?
Some events like Security 560
(http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?even
tid=560) have success/failure status. It is not reported by evtsys.
What is the expected output? What do you see instead?
A new field indicating the status.
What version of the product are you using? On what operating system?
4.4 on windows 2003, 2008
Please provide any additional information below.
Mainly occurs on Audit Events, where you can check if an event has succeeded or
not.
Original issue reported on code.google.com by [email protected]
on 8 Mar 2011 at 4:01
What steps will reproduce the problem?
1.Run ex. gpudate in cmd
What is the expected output?
EVTsys send to log entries to the syslog-server.
I can see that when running this GPupdate-command, the GroupPolicy\Operational
evt-log gets written to, but EVTsys does not record/send these messages.
What do you see instead?
EVTsys should send the events to the syslog server.
I would like an option to specify which "Applications and Service logs" I would
like EVTsys to monitor, eg in the evtsys.cfg file?! (EVTsys should not by
default monitor all logs, because there is so much logging going on in these
logs)
What version of the product are you using? On what operating system?
4.4.0.0
Windows server 2008 R2
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 6 Oct 2011 at 8:38
What steps will reproduce the problem?
Need any Russian version of Windows
What is the expected output?
in UTF-8 (russian message):
Sep 20 11:05:38 gaidukav.******* GAIDUKAV Service_Control_Manager: 7036:
Служба "Планировщик классов мультимедиа"
перешла в состояние Остановлена.
What do you see instead?
in 437 codepage:
Sep 20 11:05:38 gaidukav.******* GAIDUKAV Service_Control_Manager: 7036:
Сл�\203жба
"∩┐╜\237╨╗╨░╨╜╨╕∩┐╜\200╨╛╨▓∩┐╜\211╨�
��╨║ ╨║╨╗╨░∩┐╜\201∩┐╜\201╨╛╨▓
╨╝∩┐╜\203╨╗∩┐╜\214∩┐╜\202╨╕╨╝╨╡╨┤╨��
�╨░" ╨┐╨╡∩┐╜\200╨╡∩┐╜\210╨╗╨░ ╨▓
∩┐╜\201╨╛∩┐╜\201∩┐╜\202╨╛∩┐╜\217╨╜╨╕╨�
��
∩┐╜\236∩┐╜\201∩┐╜\202╨░╨╜╨╛╨▓╨╗╨╡╨��
�╨░.
Some chars in russian UTF-8 strings converted to \200, \201, \202... codes.
Result - UTF-8 string not readable.
Applying Perl code (regexp) to each string of log
$log_string =~ s/\\(\d{3})/chr(oct("0$1"))/egx;
solving the problem.
What version of the product are you using?
Eventlog to Syslog 4.4.2 (64-Bit)
On what operating system?
Windows 7 x64 Russian
Original issue reported on code.google.com by [email protected]
on 20 Sep 2011 at 7:37
Attempting to run the program results in the following error:
C:\eventlog-to-syslog>evtsys.exe -d -h syslogserver
Checking ignore file...
Jun 28 12:12:08 myserver1 Cannot initialize access to registry: "Software\ECN\
EvtSys\3.0": The operation completed successfully.
Command did not complete due to a failure
This was tested on windows 2000 and 2003 32bit using the contents of
Evtsys_4.3.0_32-Bit.zip
Original issue reported on code.google.com by [email protected]
on 28 Jun 2010 at 4:15
What steps will reproduce the problem?
1.Installed on a Win 2003 Domain Controller
2.Facility set to "User"
3.No exclusions
What is the expected output? What do you see instead?
To see Security Event ID 566 on the syslog server. This event is what
registers all Active Directory object creation: Users, computers, OU's, etc.
On my syslog server, I don't see this event pop up at all.
What version of the product are you using? On what operating system?
442 32bit
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 8 Jul 2011 at 1:27
What steps will reproduce the problem?
1.Event log entries like this:
Event Type: Information
Event Source: sshd
Event Category: None
Event ID: 0
Date: 21.02.2011
Time: 13:33:09
User: PEXXXX\cyXXXXXXX
Computer: PEXXXXXX Description:
The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The
local computer may not have the necessary registry information or message DLL
files to display messages from a remote computer. You may be able to use the
/AUXSOURCE= flag to retrieve this description; see Help and Support for
details. The following information is part of the event: sshd: PID 260:
Accepted publickey for cyXXXXXXXX from XXXXXXXXXX port 56861 ssh2.
came in the syslog
syslog PEXXXXX daemon err 2011-02-21 13:33:13 find message file key for
"SYSTEM\CurrentControlSet\Services\Eventlog\Application\sshd"
What is the expected output? What do you see instead?
The Priority as information and the option -l=3 (level) should not show this
message.
What version of the product are you using? On what operating system?
Product Version 4.4.0
Operating System is Windows Server 2003 R2 64Bit standard.
Application in this eventlog message is cygwin ssh deamon.
Original issue reported on code.google.com by [email protected]
on 21 Feb 2011 at 1:18
Is possible to convert you code to SharpDevelop C#
Many tanks
Roberto
Original issue reported on code.google.com by [email protected]
on 9 Feb 2011 at 11:34
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.