hanhongwen / eventlog-to-syslog

Automatically exported from code.google.com/p/eventlog-to-syslog
0 stars 0 forks source link

Windows 7 Events Sent Twice #22

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi Sherwin

I tried to install the program (evtsys) in Windows 7 and I saw that there are 
two errors (maybe bug):

1 - If you enable the option -n (-n Include only Those events specified in the 
config file) and add in evtsys.cfg:
*************
Security-Auditing: 4624
Security-Auditing: 4634

Do not send anything to syslog server!!!!

2 If the option -n is not active (-n Include only Those events specified in the 
config file)

evtsys send twice the same record to syslog server

4624 event ....
4624 event ....

Please help me

Thank you so much
Roberto

Original issue reported on code.google.com by roberto....@gmail.com on 8 Jan 2011 at 12:04

GoogleCodeExporter commented 9 years ago
I have done some checking and for some reason the Microsoft-Windows- prefix is 
not being removed and I'm not sure why. I will have to dig a bit deeper to 
solve that issue. To rectify, in the configuration file use 
Microsoft-Windows-Security-Auditing instead of just Security-Auditing.

As far as the events being sent twice, check your registry at 
HKLM\Software\ECN\3.0 and make sure you don't have the settings for LogHost and 
LogHost2 the same.  If you do not have a secondary syslog server make sure 
LogHost2 is blank.

Original comment by sherwin....@gmail.com on 10 Jan 2011 at 3:44

GoogleCodeExporter commented 9 years ago
Did you resolve this issue?

Original comment by sherwin....@gmail.com on 9 Feb 2011 at 4:46

GoogleCodeExporter commented 9 years ago
For the primary question yes 
For the second question: "As far as the events being sent twice, check your 
registry at HKLM\Software\ECN\3.0 and make sure you don't have the settings for 
LogHost and LogHost2 the same.  If you do not have a secondary syslog server 
make sure LogHost2 is blank."
NO !!
Thanks

Original comment by roberto....@gmail.com on 9 Feb 2011 at 11:30

GoogleCodeExporter commented 9 years ago

Original comment by sherwin....@gmail.com on 22 Feb 2011 at 12:07

GoogleCodeExporter commented 9 years ago
Roberto, if you are still having this issue I would like to help you solve it. 
Can you give me some more information?

What is the contents of the registry values.
Have you made any modifications to the utility (Other than what wired made)
Did you try running the utility in debug mode to see what output it provides

You can email me this information

Thanks,

Sherwin

Original comment by sherwin....@gmail.com on 10 Mar 2011 at 6:39

GoogleCodeExporter commented 9 years ago
I'm going to assume this has been resolved since I have not heard anything 
back. Please get in touch with me if this still poses a problem.

Original comment by sherwin....@gmail.com on 1 Apr 2011 at 4:28

GoogleCodeExporter commented 9 years ago
Hi Shervin

Excuse me,but i have some problems at work and i am very busy.As soon as
possible i verify the problem thanks so much for the changes
Roberto

Original comment by roberto....@gmail.com on 6 Apr 2011 at 5:01

GoogleCodeExporter commented 9 years ago
I have tested the new version i started the service with the option -t but i
can't see the tag value in the syslog messages
How i can use it ????

Original comment by roberto....@gmail.com on 6 Apr 2011 at 10:16