Nothing fancy here: just a quick note on directing Windows event logs and select application logs to a remote syslog server.

For a Unix admin, searching Windows logs is a frustrating experience. Just looking at the event viewer GUI hurts my eyes. One option is to redirect those logs to a Unix-based remote syslog collector.

Download and install the NXLog version appropriate for your OS here. Download the nxlog.conf here and edit a couple of things:

When done editing nxlog.conf, don’t forget to restart the nxlog service from the Services control panel.

It is easier to find the application logs of interest from the Windows Subsystem for Linux. I have Kali Linux installed. Type this command in the terminal window to locate recently modified application *.log files.

Then use these paths to add new <Input watchfile#> sections to nxlog.conf, one per log file or wildcard path. Once again, don't forget to restart the nxlog service after editing the config file.
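To make the two editing steps concrete, here is a complete nxlog.conf that I put together as an added example (it is not the file the post links to). It assumes NXLog Community Edition installed under C:\Program Files\nxlog, an rsyslog collector listening on 192.0.2.10 UDP/514, and an application writing C:\app\logs\*.log; all three are placeholders to adjust.

```apache
# Added example nxlog.conf (not the one linked from the post).
# Assumptions: install root, collector address and application log path below.
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# Provides to_syslog_ietf() / to_syslog_bsd() used by the output below.
<Extension syslog>
    Module xm_syslog
</Extension>

# Windows Event Log (Vista and later). Each <Select> names a channel;
# "*" forwards every event in it. Narrow the query before rolling this
# out widely, the Security channel alone can be noisy.
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# One <Input> per application log path found in the previous step.
# Backslashes are escaped inside double quotes; wildcards are allowed.
# SavePos keeps the read offset across service restarts; ReadFromLast
# avoids replaying the whole file the first time the service starts.
<Input watchfile1>
    Module im_file
    File "C:\\app\\logs\\*.log"
    SavePos TRUE
    ReadFromLast TRUE
</Input>

# Plain UDP syslog: unauthenticated, unencrypted and lossy. If the logs
# cross an untrusted network, switch to om_ssl against an rsyslog TLS
# listener instead.
<Output rsyslog>
    Module om_udp
    Host 192.0.2.10
    Port 514
    Exec to_syslog_ietf();
</Output>

# Both inputs feed the one output.
<Route r1>
    Path eventlog, watchfile1 => rsyslog
</Route>
```

After saving the file, restart the nxlog service (Services control panel, or `Restart-Service nxlog` from an elevated PowerShell) and check %ROOT%\data\nxlog.log for parse errors before assuming anything is being sent. On the rsyslog side the collector must have the imudp module loaded and listening on the same port; if nothing arrives, that and the Windows firewall are the first two places to look.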

On your rsyslog server you will then be able to see stuff like:

