NeoLogger – Windows Syslog Command Line Logger

NeoLogger is Windows version of the logger command known from UNIX/LINUX systems used to send SYSLOG messages.It adds some usefull features to filter and replace content, reads from standard input, files or the windows eventlog. It is also able to watch a file or an eventlog for changes and transmits only the new entries

Features :

  •     Reads Standard Input, Files, Windows Eventlog
  •     Filter and Replacement Functions
  •     Skip empty lines or nonreadable ASCII characters
  •     Watch File or Eventlog for new entries (like tail -f)

 Valid Input Streams:

1. Single Line set with the “-m” parameter

2. File Input set with the “-r” parameter

3. Standard-Input – default if nothing else is defined

4. Windows Eventlog Source using the “-et” parameter

 Standard Parameters:

-t Target (ip or dns name) default: 127.0.0.1

-p Port (target port) default: 514

-l Level (1-7, 1=kernel … 7=debug) default: 5=notice

-f Facility (local1,local2…) default: local4

-d debug switch

-m Message default: “Follow the white rabbit”

 Special Parameters:

-prefix default: “NeoLogger: ”

-r filename i.e. “C:\Program Files\Trendmicro\updinfo.ini”

-et read Windows Eventlog i.e. “Application” (Security needs ‘elevate …’)

-n only read new entrys (like tail -f); applies to “-r” and “-et”

 Advanced Features:

-g regex/string to select lines to be send i.e. “sshd”

-gv regex/string to filter lines from output i.e. “courier:”

-i ignore case of string set by -g or -gv

-a only readable ASCII characters (including space and tab)

-e also send empty lines, they are suppressed by default

-sv search value i.e. “[\s]+” (multiple spaces)

-rv replacement value i.e. ” ” (single space)

=== Requirements

.NET Framework 3.5 (Client Profile)

=== License

Apache License V2.0

Applies only to the “NeoLogger Component”

=== Examples

Transmit TrendMicro Office Server Signature Pattern information

neolog.exe -t syslog.intranet.local -r “C:\Programme\TrendMicro\updinfo.ini” -g “pattern”

Transmit currently logged in users

WMIC COMPUTERSYSTEM get username | neolog.exe -t syslog.intranet.local -gv UserName

Transmit the values from the “Run” key

REG QUERY “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” | neolog.exe -t syslog.intranet.local -gv HKEY -sv “[\s]+” -rv ” ”

Transmit all new entries to the Application Eventlog (Note: Windows Vista, 7 and 2008 require elevated rights to access the “Security” Eventlog. Use the tool “elevate” which is packed with NeoLogger)

neolog.exe -t syslog.intranet.local -n -et “Application”

Transmit all entries of the Windows Firewall Log (Access rights have to be set!)

neolog.exe -t syslog.intranet.local -n -r C:\Windows\system32\LogFiles\Firewall\pfirewall.log

Download Latest versionhttp://sourceforge.net/projects/neologger/files/

Read more in here : http://www.bsk-consulting.de/neologger-windows-syslog-logger-tool/

Advertisements