1

Assume you were to have a predominantly Windows enterprise environment and that you have a number of Ubuntu servers you need to integrate into that environment, while introducing as few new enterprise tools for managing logs in a cross-platform way as possible. So, there would be Ubuntu system logging, various applications logging, etc. on those Ubuntu servers that you would like to appear as if they were just events in a Windows server (vs. using separate log aggregation/viewing/management tools).

Is there a way to emulate Windows event logging in Ubuntu? e.g. can Samba or something else provide event logs to Server Manager, etc. running in a separate Windows environment?

HopelessN00b
Gary S. Weaver
  • 9
    I hear a disturbance in the kernel, like a thousand Linux gurus all crying out in rage simultaneously. – Hyppy Dec 08 '14 at 16:22
  • 2
    It's actually much, much easier to go the other way around: have Windows log to a syslog server, and monitor the logs the Unix way. – Grant Dec 08 '14 at 16:27
  • 1
    See here: http://serverfault.com/questions/278369/forward-unix-syslog-to-windows-event-viewer - there might be a better one out there now...something that takes syslog messages and creates event viewer entries but why? Why wouldn't you want to use log aggregation tools to centrally monitor everything instead? – TheCleaner Dec 08 '14 at 16:32
  • @Grant Assume that I'm on the Enterprise team in a First Contact scenario, i.e. administration will continue to be done in Windows. – Gary S. Weaver Dec 08 '14 at 16:44
  • 2
    @GaryS.Weaver Windows can read text files. Not well, with the built-in Notepad mind you, but it can :) Realistically, you will probably need separate log monitoring for Linux systems. – Grant Dec 08 '14 at 16:45

2 Answers

1

There are two options for this:

1) Write your own little Windows service which accepts Linux logs and writes each entry to the appropriate Windows log using the Windows syslog event facilities/system calls. This should really only take a couple of hours to code up.

Linux rsyslog/ksyslog supports an open protocol to facilitate centralized logging, so all you have to do is implement a small chunk of that for your service and your Linux boxes will send their logs to your Windows service. You could also use some other mechanism, such as mounting a Samba share containing /var/log on the Linux box and then reading the logs as they come in, but latency might become an issue.

2) You could use an enterprise tool like Splunk or Logstash.

I know you said you didn't want to add a lot of external tools, but you'll need to add at least one whether you use option 1 or 2.

Binary
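The receiving side of option 1 in the answer above, as an added example that is not part of the original answer: it parses an RFC 3164 syslog datagram and maps the syslog severity to a Windows event type. `parse_syslog`, `serve`, the `write_event` callback (which would wrap the actual event-log write) and the `allowed` sender set are assumed names, and the sample datagram is constructed.

```python
import re
import socket

# Windows Event Log entry types (values from winnt.h).
EVENTLOG_ERROR_TYPE = 0x0001
EVENTLOG_WARNING_TYPE = 0x0002
EVENTLOG_INFORMATION_TYPE = 0x0004

MAX_MSG = 1024  # RFC 3164 caps a syslog packet at 1024 bytes
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")


def parse_syslog(datagram: bytes, sender: str) -> dict:
    """Decode one RFC 3164 datagram into the fields an event-log write needs."""
    text = datagram[:MAX_MSG].decode("utf-8", errors="replace")
    # Replace control characters so a sender cannot forge extra lines in an event.
    text = "".join(c if c.isprintable() else " " for c in text).strip()
    m = PRI_RE.match(text)
    pri = int(m.group(1)) if m else -1
    if not 0 <= pri <= 191:
        # No valid PRI: RFC 3164 says to treat the message as user.notice (13).
        pri, body = 13, text
    else:
        body = m.group(2)
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if severity <= 3:        # emerg, alert, crit, err
        event_type = EVENTLOG_ERROR_TYPE
    elif severity == 4:      # warning
        event_type = EVENTLOG_WARNING_TYPE
    else:                    # notice, info, debug
        event_type = EVENTLOG_INFORMATION_TYPE
    return {"facility": facility, "severity": severity,
            "event_type": event_type, "message": f"[{sender}] {body}"}


def serve(write_event, allowed, host="0.0.0.0", port=514):
    """Receive syslog over UDP and pass each parsed record to write_event()."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (addr, _) = sock.recvfrom(2048)
            if addr in allowed:  # UDP syslog is unauthenticated: drop unknown senders
                write_event(parse_syslog(data, addr))


# Constructed sample datagram as rsyslog would send it (auth.err = 4*8 + 3 = 35).
SAMPLE = b"<35>Dec  8 16:22:01 ubuntu01 sshd[811]: error: PAM: auth failure\n"
```

On the Ubuntu side, a forwarding rule such as `*.* @windows-host:514` in the rsyslog configuration sends the logs over UDP; `windows-host` is a placeholder.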
1

As @Binary was mentioning, Linux is using syslog to centralize the logging. You can use a Windows implementation of the syslog server that can send the logs to Event logger, like Kiwi Syslog Server Commercial Edition.

Mircea Vutcovici