cybersecurity

3598 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

[email protected]

Windows Syslog Receiver (infosec.pub)

submitted 1 year ago by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Hey all, got a quick question!

I want to receive, parse and store syslogs from various devices on my home network on my windows box. I know, I know, its a bit backwards but I'd like to proceed with this sort of setup if possible (not against discussion, of course).

I've looked and looked for options but it seems like everything has been bare bones and basically just receives, or is locked behind premium. Surely there's some sort of solution out there, no? I'd be willing to implement something in Python if I need to but I'm considerably more hesitant when compared to using an open source soln.

Thanks for your time, looking forward to discussing/learning more!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 year ago (1 children)

Your choices are

nxlog - it's awesome.
rsyslog built for windows - it's rsyslog, but built for windows
some ridiculously rube-goldbergian mess that requires you set up an entire ecosystem and get a PhD to get properly configured with your 3 new staff members.

Both use code from rsyslog, listen on 514 (configurable) and do logging. I think they'll even take mqtt and json-format stuff, but I wasn't needing that yet so I didn't care

Full disclosure: I first started looking into this at my last post, a mere 600 boxes for windows, which I don't do and didn't care about except some log guy was a splunk fanboy dick and I punked him as often as I could because splunk's absolute inability to cope pissed me off and thus he did by association -- thus the mqtt angle as I tried to push that transport idea through because splunk has no clue anymore and can't cope with mqtt and I liked to see his brain reboot. I'm a Linux/Unix guy so I mainly quote on things that will bring the oddballs into line. My new spot has like 3600 winboxes and I just heard that group's choice for shipping logs to the central log correlation is ...

... Nxlog.

Grain of salt, but good luck.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Yeah so rsyslog is one of those premium products. Seems like I can only practically receive without paying for fuckin parsing capabilities (ew)

But I’ll definitely check out the other! Appreciate it!