Beginning in version 7.0, MOVEit DMZ can log events directly to SysLog management consoles. For more information on how to set this up, see the Web Interface - Settings - System - Auditing section of the documentation.
To send audit log events to SysLog or SNMP management consoles in previous versions of MOVEit DMZ, audit entries must first be logged to the Windows Event Log; a third-party utility can then forward these events to a SysLog or SNMP server. This guide briefly describes several easy-to-obtain utilities which will send MOVEit DMZ entries from the Windows Event Log to a SysLog server or SNMP management console. If you plan on using any of these utilities, it is generally best to log events into the Windows "MOVEit" Event Log instead of the Windows "Application" Event Log, to avoid having to screen for particular event log entry sources.
SysLog is based on UDP (usually port 514). SysLog is an "unreliable" protocol in the sense that neither the client nor the server will know (or care) if SysLog messages are dropped by the network.
A mature (10+ year old) commercial client called "Event Reporter" is available to perform filtering on event logs before sending them to a SysLog server. This client was available online for $49 on February 18, 2005.
A freeware client called Snare is available to perform filtering on event logs before sending.
A commercial client called "WinAgents Event Log Translation Service" is available to perform some filtering on event logs before sending them to a SysLog server and/or an SNMP management console. This client was available online for $45 on February 18, 2005.
A freeware utility called winlogd can be used to scoot all events from all event logs to a designated SysLog server.
D:\temp>winlogd -i
Installation successful, say `net start winlogd`

D:\temp>winlogd --show
Server: 192.168.101.1
Port: 514
Facility: LOCAL3
Monitor: 6000
Flush: 6000

D:\temp>net start winlogd
The winlogd service is starting.
The winlogd service was started successfully.
This program does not have a lot of options (Server, Port and Facility), but it is a quick and effective way to get MOVEit DMZ events and other interesting messages into a designated SysLog server.
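Because SysLog over UDP gives no delivery feedback, it helps to confirm on the receiving side that forwarded events actually arrive under the configured facility. The following check is an added example, not part of the original guide or of winlogd: it decodes the SysLog priority header (LOCAL3 is facility 19) and tallies datagrams by facility. The function names are hypothetical and the sample datagrams, including their message text, are constructed.

```python
import re
import socket
from collections import Counter

# Facility names by number (priority = facility * 8 + severity); local3 is index 19.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode(datagram):
    """Return (facility, severity, text), or None if there is no valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    text = datagram[m.end():].decode("utf-8", errors="replace").strip()
    return FACILITIES[facility], SEVERITIES[severity], text

def tally(datagrams, expected="local3"):
    """Count datagrams per facility and collect those outside the expected facility."""
    counts, unexpected = Counter(), []
    for d in datagrams:
        parsed = decode(d)
        key = parsed[0] if parsed else "malformed"
        counts[key] += 1
        if key != expected:
            unexpected.append(d)
    return counts, unexpected

# Constructed sample datagrams (not captured from winlogd; the text layout is assumed).
SAMPLES = [
    b"<158>Feb 18 10:15:02 moveit01 MOVEit: sample sign-on event",   # local3.info
    b"<156>Feb 18 10:15:09 moveit01 MOVEit: sample failed sign-on",  # local3.warning
    b"<38>Feb 18 10:15:11 otherhost sshd: sample message",           # auth.info
    b"no priority header",                                           # malformed
]

def listen(bind="0.0.0.0", port=514):
    """Print decoded datagrams as they arrive; binding to port 514 usually needs privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (src, _) = sock.recvfrom(8192)
        print(src, decode(data) or data)

if __name__ == "__main__":
    listen()
```

Run it on the designated SysLog server while generating a test event on the MOVEit DMZ host; if nothing prints, the datagram was dropped or filtered somewhere along the path, and neither end will report that.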
The SNMP protocol uses the concept of a "community"; typically events are fired off into a community and an SNMP management console collects, logs and perhaps acts upon them. Ipswitch makes no suggestion regarding SNMP management consoles; our customers usually either have one or do not have one, and selection of this type of server goes well beyond this documentation. However, Ipswitch does suggest a couple of clients which would likely work as an SNMP "client" in most SNMP situations.
Like SysLog, SNMP is based on UDP (usually port 161). As such, SNMP is not the most reliable protocol out there.
Unlike SysLog clients, SNMP "clients" tend to be purchased in bulk. In fact, if you own an SNMP management console, you likely already also own an SNMP client you can use. (Ask the group in charge of your SNMP management console.) Nonetheless, there are a handful of vendors who will offer you a compatible, standalone SNMP client.
A commercial client called "WinAgents Event Log Translation Service" is available to perform some filtering on event logs before sending them to a SysLog server and/or an SNMP management console. This client was available online for $45 on February 18, 2005.