Converting Windows EventLog to Syslog

Learn all about the different formats (BSD, IETF, Snare) as well as the Syslog extensions (LEEF, CEF, JSON over Syslog)

Just a note, the post that I wrote is about Syslog messaging formats and the differences between formats (there are various use cases as to why, but it is too long to cover here; usually it comes up in cases like sending to a SIEM).

There is Syslog as an actual messaging format (i.e. Syslog BSD, Syslog IETF) and protocol (see the linked post to read more and as a starting point). And then there are company-published Syslog implementations and various other utilities based on the protocol (i.e. Syslog-ng, Rsyslog).
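As an added example (not code from the thread or from the linked post), the Python below renders one constructed Windows Security event into the two syslog message formats named above, RFC 3164 (BSD) and RFC 5424 (IETF), and into a CEF payload of the kind the linked post lists as a syslog extension. The app name `WinEventLog`, the SD-ID `win@32473` (32473 is the enterprise number RFC 5612 reserves for documentation), the CEF vendor/product fields and the CEF severity are assumptions, and the event itself is constructed, not captured from a real host.

```python
from datetime import datetime, timezone

# Facility and severity codes from RFC 5424 section 6.2.1 (same in RFC 3164).
LOCAL0 = 16
WARNING = 4
RFC3164_MAX_BYTES = 1024  # RFC 3164 section 4.1: total packet length limit

# Constructed sample event (not captured from a real host).
SAMPLE_EVENT = {
    "time": datetime(2024, 3, 5, 14, 7, 9, tzinfo=timezone.utc),
    "host": "WS01",
    "channel": "Security",
    "event_id": 4625,
    "user": "alice",
    "message": "An account failed to log on. Logon Type: 3",
}


def pri(facility, severity):
    """PRI part shared by both formats: facility * 8 + severity."""
    return facility * 8 + severity


def to_bsd(ev, facility=LOCAL0, severity=WARNING):
    """RFC 3164 (BSD) line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG.

    The timestamp carries no year and no time zone, and the whole line is
    capped at 1024 bytes, so a long Windows message is cut off here.
    """
    t = ev["time"]
    stamp = f"{t:%b} {t.day:2d} {t:%H:%M:%S}"  # day is space-padded: 'Mar  5'
    msg = f"{ev['channel']} EventID={ev['event_id']} {ev['message']}"
    line = f"<{pri(facility, severity)}>{stamp} {ev['host']} WinEventLog: {msg}"
    return line.encode("utf-8")[:RFC3164_MAX_BYTES].decode("utf-8", "ignore")


def sd_escape(value):
    """RFC 5424 section 6.3.3: escape backslash, double quote and ']' in a PARAM-VALUE."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_ietf(ev, facility=LOCAL0, severity=WARNING, enterprise_id="32473"):
    """RFC 5424 (IETF) line:
    <PRI>1 TIMESTAMP HOST APP-NAME PROCID MSGID [SD-ID k="v" ...] MSG

    PROCID is the NILVALUE '-' here; 32473 is the documentation enterprise
    number (assumed), a real deployment uses its own IANA number.
    """
    t = ev["time"].astimezone(timezone.utc)
    stamp = t.strftime("%Y-%m-%dT%H:%M:%SZ")
    sd = (f'[win@{enterprise_id} channel="{sd_escape(ev["channel"])}"'
          f' user="{sd_escape(ev["user"])}"]')
    return (f"<{pri(facility, severity)}>1 {stamp} {ev['host']} WinEventLog - "
            f"{ev['event_id']} {sd} {ev['message']}")


def cef_header(value):
    """CEF header fields escape backslash and '|'."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(value):
    """CEF extension values escape backslash, '=' and line breaks."""
    return (value.replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(ev, cef_severity=5):
    """CEF payload, normally carried as the MSG part of a syslog line:
    CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension"""
    rt = int(ev["time"].timestamp()) * 1000  # CEF 'rt' is epoch milliseconds
    ext = (f"rt={rt} dvchost={cef_ext(ev['host'])} suser={cef_ext(ev['user'])}"
           f" externalId={ev['event_id']} msg={cef_ext(ev['message'])}")
    head = "|".join(cef_header(x) for x in
                    ["Microsoft", "Windows", "-", str(ev["event_id"]),
                     "An account failed to log on"])
    return f"CEF:0|{head}|{cef_severity}|{ext}"


if __name__ == "__main__":
    for render in (to_bsd, to_ietf, to_cef):
        print(render(SAMPLE_EVENT))
```

The three renderings of the same event make the practical differences visible: the BSD line loses the year and time zone and silently truncates at 1024 bytes, the IETF line keeps a full timestamp and moves fields such as the channel into structured data, and CEF carries its own key/value escaping rules that a receiving SIEM parses independently of the syslog envelope.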

As an absolute log-o-holic I would suggest avoiding syslog anywhere you can ... there are far better log shipping solutions out there (filebeat/winlogbeat for example).

I am intimately familiar with the various syslog protocols :) But my main argument was that there are better solutions for either logging or log shipping on anything that's not an appliance or a device nowadays, especially if you are serious about logging.

Just to give a small example - our logging infrastructure ingests > 20TB / day at over 1.000.000 EPS during peak times from tens of thousands of devices.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.