Eventlog to Syslog Service
The Eventlog-to-Syslog Service, originally from Purdue ECN, relays eventlog messages to a syslog server.
Package
<packages>
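<package
  id="evtsys"
  name="Eventlog to Syslog"
  revision="5"
  reboot="false"
  priority="40">
  <!--
    Deploys evtsys.exe into %WINDIR%\system32, registers it as the EvtSys
    Windows service and points it at the syslog collector named in %loghost%.
    Commands run in document order within each phase (install, upgrade, remove).
  -->

  <variable name="version" value="4.5.1" />
  <variable name="fileversion" value="4.5.1" />
  <!-- Track size because version on 4.4.3 is still 4.4 -->
  <!--
  <variable name="exesize" value="116736" architecture="x86" />
  <variable name="exesize" value="137728" architecture="x64" />
  -->
  <!-- Put your loghost IP here; 10.0.0.2 is only a sample value. Every event
       relayed by the service is sent to this address, so it must be the
       intended collector. -->
  <variable name="loghost" value="10.0.0.2" />

  <!-- <check type="file" condition="sizeequals" path="%WINDIR%\system32\evtsys.exe" value="%exesize%" /> -->
  <!-- Installed state: the binary is at least %fileversion% and the LogHost
       registry value equals %loghost%. Neither check verifies the content of
       the binary. -->
  <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\evtsys.exe" value="%fileversion%" />
  <check type="registry" condition="equals" path="HKLM\Software\ECN\EvtSys\3.0\LogHost" value="%loghost%" />

  <!-- Improve reliability if evtsys was not installed under wpkg control:
       stop and unregister any existing service and drop a stale config file.
       Any exit code is accepted because these steps may find nothing to do. -->
  <install cmd='net stop EvtSys'>
    <exit code="any" />
  </install>
  <!-- The attribute is single-quoted so that the command line can carry
       double quotes and the document stays well-formed. -->
  <install cmd='cmd.exe /C if exist "%WINDIR%\system32\evtsys.exe" "%WINDIR%\system32\evtsys.exe" -u'>
    <exit code="any" />
  </install>
  <install cmd='cmd /C del "%WINDIR%\system32\evtsys.cfg"'>
    <exit code="any" />
  </install>

  <!-- Normal install. The executable is copied from the %SOFTWARE% share and
       then registered as a service, so write access to
       %SOFTWARE%\evtsys should be limited to the package maintainers. -->
  <install cmd="cmd.exe /C copy /y %SOFTWARE%\evtsys\%version%_32\evtsys.exe %WINDIR%\system32\" architecture="x86" />
  <install cmd="cmd.exe /C copy /y %SOFTWARE%\evtsys\%version%_64\evtsys.exe %WINDIR%\system32\" architecture="x64" />
  <!-- Exit code 1 is listed as an accepted result of the service registration. -->
  <install cmd="%WINDIR%\system32\evtsys.exe -i -h %loghost%">
    <exit code="1" />
  </install>
  <!-- Make EvtSys depend on the eventlog and tcpip services.
       Don't know if this is still needed with 4.5 -->
  <install cmd='%WINDIR%\system32\reg.exe add "HKLM\System\CurrentControlSet\services\EvtSys" /v DependOnService /t REG_MULTI_SZ /d eventlog\0tcpip /f' />
  <install cmd='net start EvtSys' />

  <!-- Upgrade: stop and unregister the old service, replace the binary,
       then register and start it again. -->
  <upgrade cmd='net stop EvtSys'>
    <exit code="any" />
  </upgrade>
  <upgrade cmd="%WINDIR%\system32\evtsys.exe -u" />
  <upgrade cmd="cmd.exe /C copy /y %SOFTWARE%\evtsys\%version%_32\evtsys.exe %WINDIR%\system32\" architecture="x86" />
  <upgrade cmd="cmd.exe /C copy /y %SOFTWARE%\evtsys\%version%_64\evtsys.exe %WINDIR%\system32\" architecture="x64" />
  <!-- DLL removed in 4.5 -->
  <upgrade cmd="cmd.exe /C del %WINDIR%\system32\evtsys.dll" />
  <!-- Necessary to deal with bug #93
       http://code.google.com/p/eventlog-to-syslog/issues/detail?id=93 -->
  <upgrade cmd='cmd /C del "%WINDIR%\system32\evtsys.cfg"'>
    <exit code="any" />
  </upgrade>
  <upgrade cmd="%WINDIR%\system32\evtsys.exe -i -h %loghost%">
    <exit code="1" />
  </upgrade>
  <upgrade cmd='%WINDIR%\system32\reg.exe add "HKLM\System\CurrentControlSet\services\EvtSys" /v DependOnService /t REG_MULTI_SZ /d eventlog\0tcpip /f' />
  <upgrade cmd='net start EvtSys' />

  <!-- Remove: stop the service and unregister it before deleting the files,
       so that no service entry is left pointing at a missing executable. -->
  <remove cmd='net stop EvtSys'>
    <exit code="any" />
  </remove>
  <remove cmd='cmd.exe /C if exist "%WINDIR%\system32\evtsys.exe" "%WINDIR%\system32\evtsys.exe" -u'>
    <exit code="any" />
  </remove>
  <remove cmd="cmd.exe /C del %WINDIR%\system32\evtsys.exe" />
  <remove cmd="cmd.exe /C del %WINDIR%\system32\evtsys.dll" />
</package>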