• 12 Feb 2024 - v5.2.3 released

How to forward Windows system events to logFaces?

There are many free and commercial syslog forwarders for Windows out there on the internet. You can use any of them and direct the traffic to logFaces syslog receiver end point.

Here is a very popular tool named eventlog-to-syslog. It is a very nice, robust and simple forwarder. We use it daily for a long time without problems. Read its manual, set it up as Windows service and let it direct the logs to the logFaces receiver.

Syslog receiver on server side needs to listen to that port you specified with the forwarder. In most cases, you will also need to define a pattern to parse the incoming logs. Normally when format of log messages is unknown, we enable the 'Debug' switch in receiver and look at them closely. Receiver will dump all incoming traffic into local log file (see /log directory on your server). Inspecting the format will give you an idea how to set up the parsing pattern to extract the data from messages. Don't forget to disable 'Debug' switch when finished setting up the receiver.

Here is a practical example, this receiver extracts host name, facility (mapped to logger name) and message body from the source traffic. This info then becomes query-able with logFaces.

Please refer to user manual for more details on setting up syslog receivers.

Frequently asked questions

We have compiled a list of most popular user questions for you. This should help you to get quick info on whether logFaces is a suitable product for you before getting deep into the details.

•   General inquiries
•   Technical support
•   Licensing
•   Orders and payments
•   Feedback