
Syslog - Adiscon EventReporter

EventReporter processes the NT Event Logs, parses them, and forwards the results via the Syslog protocol to a central Syslog server. It runs on Windows Servers and Workstations from NT to Server 2008 and Windows Vista.

This guide describes how to configure the collection of EventReporter logs via the LogRhythm System Monitor.

Prerequisites

Identify the System Monitor to be used for the log collection.

Configure EventReporter

  1. In the Event Reporter Configuration Client tool, click My Computer, click RuleSets, click Default Rule Set, click ForwardSyslog, click Actions, and then click ForwardSyslog.

    A configuration window appears.

  2. Select the Process message while relaying check box.
  3. In the Message Format box, type:
    %NTEventLogType% TYPE=%severity% USER=%user% COMP=%source% SORC=%sourceproc% CATG=%category% EVID=%id% MESG=%msg%
    The log source is processed using the Syslog – McAfee Intrushield Manager log source type rules.
  4. Click Save.

No additional changes are necessary to configure LogRhythm to work with EventReporter.
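
To check that relayed messages arrive in the Message Format typed in step 3, the following added example (not part of the original guide or of either product) parses a payload by anchoring on the format's key tokens in their configured order, so values containing spaces are kept whole and key-like text inside the event message cannot displace earlier fields. The sample lines and their field values are constructed for illustration, and parse_eventreporter is a hypothetical helper name.

```python
import re

# Keys in the order the Message Format from step 3 emits them.
KEYS = ["TYPE", "USER", "COMP", "SORC", "CATG", "EVID", "MESG"]

# One anchored pattern: the leading token is %NTEventLogType%, each value runs
# non-greedily up to the next expected key, and MESG takes the rest of the line.
_parts = [r"^(?P<LOGTYPE>.*?)"]
for key in KEYS[:-1]:
    _parts.append(rf" {key}=(?P<{key}>.*?)")
_parts.append(r" MESG=(?P<MESG>.*)$")
PATTERN = re.compile("".join(_parts))


def parse_eventreporter(payload):
    """Return a dict of fields, or None if the payload does not follow the format."""
    match = PATTERN.match(payload.strip())
    if match is None:
        return None
    fields = match.groupdict()
    # Assumption: %id% expands to a numeric event ID; anything else is rejected.
    if not fields["EVID"].isdigit():
        return None
    return fields


# Constructed sample payloads (not captured from a real system).
SAMPLES = [
    # Values with embedded spaces (USER).
    r"Security TYPE=8 USER=NT AUTHORITY\SYSTEM COMP=HOST01 SORC=Security "
    r"CATG=2 EVID=528 MESG=Successful Logon: User Name: alice",
    # Event text that itself contains key tokens; they must stay inside MESG.
    "System TYPE=4 USER=N/A COMP=HOST01 SORC=Service Control Manager "
    "CATG=0 EVID=7036 MESG=service entered the running state EVID=1 MESG=spoofed",
    # A sender whose Message Format was never changed from free-form text.
    "free-form text that never passed through the Message Format",
]

if __name__ == "__main__":
    for line in SAMPLES:
        parsed = parse_eventreporter(line)
        if parsed is None:
            print("NOT IN EXPECTED FORMAT:", line)
        else:
            print(parsed["LOGTYPE"], parsed["EVID"], parsed["USER"], "|", parsed["MESG"])
```

Because every key except MESG is matched at its first occurrence, only the trailing message text can carry free-form content; a value earlier in the line that itself contained a token such as " COMP=" would still be split incorrectly.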
