NTSyslog

About NTSyslog

This program runs as a service under Windows NT based operating systems. It formats all System, Security, and Application events into a single line and sends them to a syslog(3) host.

Get the msi installer at the project's sourceforge download page: http://sourceforge.net/projects/ntsyslog/files/

For more information on configuring NTSyslog, visit the project site on http://ntsyslog.sourceforge.net/

MSI installer package.xml

These install commands do the following:

  • Install NTsyslog silently
  • Import settings from a registry file
  • Delete the Control-Tool Link from Desktop
  • Start the NTSyslog service
 

<packages>

<package id="ntsyslog" name="NTSyslog" revision="1.15" priority="5" reboot="false">
<check type="uninstall" condition="exists" path="NTSyslog"/>

<install cmd='msiexec /i "%SOFTWARE%\ntsyslog\NTSyslog2.msi" /qn' timeout="120"/>
<install cmd='regedit /S "%SOFTWARE%\ntsyslog\settings.reg"' timeout="10"/>
<install cmd='%COMSPEC% /C del /Q "%ALLUSERSPROFILE%\Desktop\NTSyslogCtrl-Tool.lnk"' timeout="10"/>
<install cmd='net start NTSYSLOG' timeout="10"/>

<upgrade cmd='net stop NTSYSLOG' timeout="10">
    <exit code="2" />  <!-- Service not running -->
</upgrade>
<upgrade cmd='msiexec /qn /I "%SOFTWARE%\ntsyslog\NTSyslog2.msi"' />
<upgrade cmd='regedit /S "%SOFTWARE%\ntsyslog\ntsyslog.reg"' timeout="10"/>
<upgrade cmd='%COMSPEC% /C del /Q "%ALLUSERSPROFILE%\Desktop\NTSyslogCtrl-Tool.lnk"' timeout="10">
    <exit code="any" /> <!-- For an upgrade shortcut may already have been deleted.  -->
</upgrade>
<upgrade cmd='net start NTSYSLOG' timeout="10"/>

<remove cmd='msiexec /qn /x{39188B0E-A360-4F55-BA81-6D88BC00686C}' />
</package>

</packages>

Example .reg file for unattended tweaking of NTSyslog setting

See "Registry Settings" on http://ntsyslog.sourceforge.net/ for more information on tweaking your settings.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet]
"Syslog"="fqdn.or.ip.of.your.syslog.server"
"Syslog1"="fqdn.or.ip.of.your.backup.syslog.server"

[HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System]
"Information"=dword:00000001
"Information Priority"=dword:0000001e
"Warning"=dword:00000001
"Warning Priority"=dword:0000001c
"Error"=dword:00000001
"Error Priority"=dword:0000001b
"Audit Success"=dword:00000001
"Audit Success Priority"=dword:0000001d
"Audit Failure"=dword:00000001
"Audit Failure Priority"=dword:0000001d

[HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security]
"Information"=dword:00000001
"Information Priority"=dword:00000026
"Warning"=dword:00000001
"Warning Priority"=dword:00000024
"Error"=dword:00000001
"Error Priority"=dword:00000023
"Audit Success"=dword:00000001
"Audit Success Priority"=dword:00000025
"Audit Failure"=dword:00000001
"Audit Failure Priority"=dword:00000025

[HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application]
"Information"=dword:00000001
"Information Priority"=dword:0000000e
"Warning"=dword:00000001
"Warning Priority"=dword:0000000c
"Error"=dword:00000001
"Error Priority"=dword:0000000b
"Audit Success"=dword:00000001
"Audit Success Priority"=dword:0000000d
"Audit Failure"=dword:00000001
"Audit Failure Priority"=dword:0000000d