Event Log Format – Windows Agent
Integrating Windows into the Enterprise Logging structure is obviously important. With rsyslog, this can be done with minimal hassle.
The rsyslog Windows Agent supports all native Windows Event Log formats. It supports both the new Windows Event Log system introduced in Windows 2008 and above and the previous Event Log system. As far as possible, the rsyslog Windows Agent normalizes both formats into a common format easily understood by consumers. Note that Active Directory GUIDs, for example, are translated into the respective objects. The Agent also includes logic to handle (and reset if necessary) corrupt Windows Event Logs. When a reliable transmission mode such as RELP or RFC5424/5425-based syslog is used, Windows Events are only transmitted when they can be securely received.
Adiscon has a proven track record in Event Log to syslog conversion, and actually invented that class of software back in 1997. The new rsyslog Windows Agent builds on this proven technology and optimizes it for combination with the rsyslogd backend. All Windows versions, server and workstation, are supported. Adiscon has also pledged to add support for any new Event Log system as soon as public betas of that system become available.