Unpacking the archive yields a single file: evtsys.exe
Put the 32-bit build in C:\Windows\System32
Put the 64-bit build in C:\Windows\SysWOW64
Install the service:
C:\Windows\SysWOW64>evtsys.exe ?
Version: 4.5.1 (64-bit)
Usage: evtsys.exe -i|-u|-d [-h host[;host2;...]] [-f facility] [-p port]
       [-t tag] [-s minutes] [-q bool] [-l level] [-n] [-a]
  -i           Install service
  -u           Uninstall service
  -d           Debug: run as console program
  -a           Use our IP address (or fqdn) in the syslog message
  -h hosts     Name of log host(s), separated by a ';'   <-- the IP of the log server
  -f facility  Facility level of syslog message
  -l level     Minimum level to send to syslog   <-- the level of the logs to forward
               0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info
  -n           (**Win9x/Server 2003 Only**) Include only those events specified
               in the config file
  -p port      Port number of syslogd
  -q bool      Query the Dhcp server to obtain the syslog/port to log to
               (0/1 = disable/enable)
  -t tag       Include tag as program field in syslog message
  -s minutes   Optional interval between status messages. 0 = Disabled
Default port: 514
Default facility: daemon
Default status interval: 0
Host (-h) required if installing.
Command did not complete due to a failure
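Install: C:\Windows\SysWOW64>evtsys.exe -i -h 0.0.0.0 -p 514
By default, this forwards all of the machine's logs to the log server.
To send only specific log levels, add -l 1,2,3 (0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info; 0 means all). If there is more than one level, separate them with commas.
Use the following command: evtsys.exe -i -h 172.31.32.3 -p 514 -l 1,2,3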
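Evtsys is a tool that converts Windows event logs to syslog format. This article describes how to download and install evtsys.exe and how to set parameters such as the host name, port and log level so that logs of different levels are sent to a syslog server. With command-line options such as '-i' (install service), '-u' (uninstall service) and '-l' (set log level), users can customize how logs are forwarded.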
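
To confirm on the log server that the forwarded events actually arrive on UDP port 514 with the default facility (daemon) shown in the help text above, the following added example (not part of the original article and not evtsys code) decodes the syslog <PRI> header and counts datagrams per facility and severity. It assumes the datagrams carry a standard RFC 3164 <PRI> prefix; the sample datagrams, host name and event text are constructed for illustration.

```python
import socket
import time
from collections import Counter

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
              ] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagrams (not captured evtsys output); the last has no PRI.
SAMPLES = [
    b"<27>Jan 10 09:15:02 WINHOST01 ExampleSource: 1000: constructed error event",
    b"<28>Jan 10 09:15:07 WINHOST01 ExampleSource: 1001: constructed warning event",
    b"<30>Jan 10 09:15:09 WINHOST01 ExampleSource: 1002: constructed info event",
    b"Jan 10 09:15:11 WINHOST01 datagram without a PRI header",
]

def parse_pri(datagram: bytes):
    """Return (facility, severity, message), or None if the <PRI> header is malformed."""
    end = datagram.find(b">", 1, 5)              # PRI is 1-3 digits: "<0>" .. "<191>"
    digits = datagram[1:end] if datagram[:1] == b"<" and end != -1 else b""
    if not digits.isdigit() or int(digits) > 191:
        return None
    facility, severity = divmod(int(digits), 8)  # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity], datagram[end + 1:].decode(errors="replace")

def summarize(datagrams):
    """Count datagrams per (facility, severity); bad headers count as 'malformed'."""
    return Counter((p[:2] if (p := parse_pri(d)) else "malformed") for d in datagrams)

def listen(port=514, seconds=30.0, bind="0.0.0.0"):
    """Collect UDP datagrams on the log server for `seconds` (port 514 needs privileges)."""
    got, deadline = [], time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        while (left := deadline - time.monotonic()) > 0:
            s.settimeout(left)
            try:
                got.append(s.recvfrom(8192)[0])
            except socket.timeout:
                break
    return got

if __name__ == "__main__":
    # On the real log server, replace SAMPLES with listen() while evtsys is running.
    for key, n in summarize(SAMPLES).items():
        print(key, n)
```

A host installed without -f should appear only under the daemon facility; a non-zero malformed count means something other than syslog traffic is reaching the port.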
