I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?
If it doesn't show up in the Windows Event log, there are a couple of options depending on the level of sophistication you are looking for.
1. If you like Kiwi Syslog and are looking for something at that level, you can use the Snare Windows agent to take text files and forward them as syslog; see here
2. If you are looking to grab other logs from multiple locations and more sophistication for log and event management, we have another product called Log and Event Manager, you can read more about it here.
The Snare Windows agent worked perfectly. Their site doesn't have the best instructions on setting up Epilog, but after playing with it, I was able to get it to send the messages just fine.
None of the DHCP messages show up in the Windows Event log for Windows Server 2008, so the Log Forwarder doesn't help at all for that.
Thanks for your help.
Fantastic, glad to hear. So you have those logs being converted to Syslog and being sent to Kiwi Syslog OK?
Yes. The Snare Epilog converts each line from the DHCP logs and sends them to Kiwi Syslog. I set them to a different facility than our other systems to make it easy to filter.
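The approach this thread settles on (each line of the DHCP audit file becomes one syslog message on its own facility) looks like this in a short Python sketch. It is an added example, not from the thread and not Snare Epilog's code. The `local5` facility, the `dhcpaudit` tag, the sender name, the mm/dd/yy date format and the sample lines in the comments are assumptions made for illustration.

```python
import socket
from datetime import datetime

FACILITY_LOCAL5 = 21  # assumption: a facility no other sender uses, for easy filtering
SEVERITY_INFO = 6

def parse_audit_line(line):
    """Return a dict for a DHCP audit event line, or None for header/legend lines."""
    parts = [p.strip() for p in line.split(",")]
    # Event lines start with a numeric event ID, then date and time columns.
    if len(parts) < 7 or not parts[0].isdigit():
        return None
    try:
        when = datetime.strptime(parts[1] + " " + parts[2], "%m/%d/%y %H:%M:%S")
    except ValueError:
        return None  # malformed timestamp: skip rather than forward garbage
    return {"id": int(parts[0]), "when": when, "description": parts[3],
            "ip": parts[4], "host": parts[5], "mac": parts[6]}

def to_syslog(event, sender, facility=FACILITY_LOCAL5, severity=SEVERITY_INFO):
    """Build an RFC 3164 style message; PRI = facility * 8 + severity."""
    pri = facility * 8 + severity
    ts = event["when"].strftime("%b %d %H:%M:%S")
    if ts[4] == "0":  # RFC 3164 pads single-digit days with a space
        ts = ts[:4] + " " + ts[5:]
    body = 'id={id} desc="{description}" ip={ip} host={host} mac={mac}'.format(**event)
    return "<{}>{} {} dhcpaudit: {}".format(pri, ts, sender, body)

def forward(lines, sender, collector):
    """Send each event line as one UDP datagram to collector (host, port)."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            event = parse_audit_line(line)
            if event is None:
                continue
            sock.sendto(to_syslog(event, sender).encode("ascii", "replace"), collector)
            sent += 1
    return sent

# Constructed sample lines (not real data):
#   ID,Date,Time,Description,IP Address,Host Name,MAC Address
#   10,05/07/12,09:15:02,Assign,192.0.2.25,pc01.example.test,001122334455
```

On the collector, filtering on the facility encoded in the PRI value (here 174 for local5.info) separates the DHCP audit stream from other senders.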