MS SQL Logs

[GoogleCodeExporter]

What steps will reproduce the problem?
1.Export all application logs to syslog-ng
2.Export all System logs to syslog-ng
3.

What is the expected output? What do you see instead?
I have MS SQL logs in application which are not being logged to Syslog-ng. I 
would like to have these logs in syslog including failed, Error and success 
logs. This is will enable me to filter the logs and send e-mail Alerts. Sorry 
if there is a solution for this already but I don't know how to configure it. 
By the way where is the configuration file? This is the only thing I could find.

'!!!!THIS FILE IS REQUIRED FOR THE SERVICE TO FUNCTION!!!!
'
'Comments must start with an apostrophe and
'must be the only thing on that line.
'
'Do not combine comments and definitions on the same line!
'
'Format is as follows - EventSource:EventID
'Use * as a wildcard to ignore all ID's from a given source
'E.g. Security-Auditing:*
'
'In Vista/2k8 and upwards remove the 'Microsoft-Windows-' prefix
'**********************:************************** 

What version of the product are you using? On what operating system?
4.4.1 (64-bit) on Windows Server 2008.

Please provide any additional information below.
I want to use this for PCI DSS project. I want to get logs for Security, 
Application and System. I want to pass all the logs from those locations to  
syslog-ng.

Original issue reported on code.google.com by mustafea...@gmail.com on 13 Apr 2011 at 4:32

[GoogleCodeExporter]

That is the correct configuration file. Can you explain to me exactly what the 
problem is, or what you are trying to do? Are you currently running the utility?

When you run evtsys.exe and point it to a syslog server it should forward 
everything that occurs in the event logs to the syslog server, including 
Application, System, Security, etc.

Original comment by sherwin....@gmail.com on 15 Apr 2011 at 2:52

[GoogleCodeExporter]

Sorry it was error from Windows Server 2008 instead of eventlog. I was trying 
to get events for account managements. I.e. get event logs for things like 
creating, deleting and changing user accounts. The event log for account 
managements wasn't configured. I believe this is a default configuration. If 
anyone is having difficulties with this give me a shout and I will be happy to 
help. I got this solved now and everything is working properly. Thank you for 
getting back to me. This is a great tool, does exactly what I needed and in my 
opinion Much! better than Snare.  

Original comment by mustafea...@gmail.com on 16 Apr 2011 at 6:42

[GoogleCodeExporter]

I'm glad the utility is able to meet your needs. I will close this issue now.

-Sherwin

Original comment by sherwin....@gmail.com on 17 Apr 2011 at 4:49

• Changed state: Invalid

[GoogleCodeExporter]

I installed the service using the following command:
evtsys.exe -i -h hostname.domain -l 0
But the server does not receive logs for Application !
I could not install more than one facility through the key "-f". So I left the 
default value (3).
Which facility should be set to receive all logs?

Original comment by saturnsu...@gmail.com on 7 Jul 2011 at 4:21