Syslog daemon for Windows Eventlog

• Download demo project - 11.6 KB
• Download source files - 24.1 KB

Introduction

Syslog has become the standard logging solution on Unix and Linux systems. There are many applications which can send and receive syslog messages on windows computers. I have this wireless router (WRT type) and after a firmware upgrade, there was a syslog option. Working on a Windows XP machine, I wrote a Syslog daemon of my own entirely in C#.

Background

For logging on Windows we have Eventlog. To make use of Eventlog we have to make a service which translates syslog messages and sends them to Eventlog. Syslog messages are transported as UDP packets on port number 514, and have a very simple structure. For more on Syslog packets, please read http://www.ietf.org/rfc/rfc3164.txt

Using the demo project

The demo project contains the Syslogd.exe service. If you want to use it, you have to install the service by using the .NET tool installutil.exe which is located in the framework directory (watch version numbering).

In my src project I use two post-build steps, one for uninstall, and one for installing.
Note: If you build the project for the first time, the first step will break. So remove it, and add it later.

c:\windows\microsoft.net\framework\v2.0.50727\installutil.exe 
         /u "$(TargetPath)"
c:\windows\microsoft.net\framework\v2.0.50727\installutil.exe
         "$(TargetPath)"

Note: The demo project contains a simple install.cmd that does install your service.

Because services are not nice to debug(!), the project contains a simple Form which can Start and Stop the Syslogd process. You can set breakpoints, and do single steps from here.

When using installutil.exe for registering .NET services, the tool looks for any [RunInstaller(true)] attribute on a class, and executes that piece of code.

[RunInstaller(true)]
public class SyslogdInstaller : Installer
{
.......
}    

SyslogdInstaller.cs

This installer code is located in SyslogdInstaller.cs which does two things. It installs the syslogd service and opens up the internal firewall of Windows XP, for more on this, see 'Points of Interest'.

.......
this.serviceProcessInstaller1.Account = ServiceAccount.LocalSystem;
this.serviceProcessInstaller1.Password = null;
this.serviceProcessInstaller1.Username = null;
.......
this.serviceInstaller1.ServiceName = settings.ServiceName;
this.serviceInstaller1.Description = settings.Description;
this.serviceInstaller1.DisplayName = settings.DisplayName;
this.serviceInstaller1.StartType = ServiceStartMode.Automatic;

Properties.Settings

Most of the properties in this project are configurable by its Properties.Settings class.

In Visual Studio you can use the nice properties editor:

When saving these settings, an XML file is saved (Syslogd.exe.config) which can be changed according to one's own wishes afterwards.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
.....
    <userSettings>
        <Syslogd.Properties.Settings>
            <setting name="Address" serializeAs="String">
                <value>*</value>
            </setting>
            <setting name="Port" serializeAs="String">
                <value>514</value>
            </setting>
            <setting name="ServiceName" serializeAs="String">
                <value>Syslogd</value>
            </setting>
            <setting name="Description" serializeAs="String">
                <value>Syslogd service logs syslog messages to
                     windows eventlog</value>
            </setting>
            <setting name="DisplayName" serializeAs="String">
                <value>Syslogd service</value>
            </setting>
            <setting name="EventLog" serializeAs="String">
                <value>Syslog</value>
            </setting>
        </Syslogd.Properties.Settings>
    </userSettings>
</configuration>

SyslogdService.cs

The syslogd service code itself is located in SyslogdService.cs. This is more or less a standard service code and inherits from ServiceBase. There is only a Start and a Stop service method.

...
private Syslogd syslogd;
...
public SyslogdService()
{
    ...
    syslogd = new Syslogd();
}

protected override void OnStart(string[] args)
{
    syslogd.Start();
} 
...
protected override void OnStop()
{
    syslogd.Stop();
}
...

Syslogd.cs

When syslogd service is started, a new class syslogd is instantiated, and contains a worker thread for receiving syslog messages. This worker class is located in Syslogd.cs

private void Worker()
{
    Properties.Settings settings = new Properties.Settings();

    m_EventLog = settings.EventLog;

    IPAddress ipAddress = IPAddress.Any;
    if(settings.Address!="*")
        ipAddress = IPAddress.Parse(settings.Address);

    IPEndPoint ipEndPoint = new IPEndPoint(ipAddress, settings.Port);

    m_socket = new Socket(
        AddressFamily.InterNetwork,
        SocketType.Dgram, ProtocolType.Udp);
    m_socket.Bind(ipEndPoint);

    // Recycling vars , i love it.

    EndPoint endPoint = ipEndPoint;

    // http://www.ietf.org/rfc/rfc3164.txt

    // 4.1 syslog Message Parts

    // The total length of the packet MUST be 1024 bytes or less.

    byte[] buffer = new byte[1024];

    while (m_running)
    {
        try
        {
            int intReceived = m_socket.ReceiveFrom(buffer, 0, 
                buffer.Length, SocketFlags.None, ref endPoint);
            string strReceived = Encoding.ASCII.GetString(buffer,
                0, intReceived);
            Log(endPoint, strReceived);
        }
        catch (Exception exception)
        {
            EventLog myLog = new EventLog();
            myLog.Source = settings.ServiceName;
            if (!m_running)
                myLog.WriteEntry("Stopping...",
                     EventLogEntryType.Information);
            else
                myLog.WriteEntry(exception.Message,
                     EventLogEntryType.Error);
            myLog.Close();
            myLog.Dispose();
        }
    }
}

Decoding Syslog PRI

Every syslog packet contains a PRI. This PRI is simply decoded and translated by making use of the appropriate regular expression.

...
/*
 * The PRI part MUST have three, four, or five characters and will be
 * bound with angle brackets as the first and last characters.  The PRI
 * part starts with a leading "<" ('less-than' character), followed by a
 * number, which is followed by a ">" ('greater-than' character).  
 */
m_regex = new Regex("<([0-9]{1,3})>", RegexOptions.Compiled);
...

After decoding the decimal part of the PRI, I use a struct to translate it to Facility and Severity.

/// <summary>

/// Facility  according to http://www.ietf.org/rfc/rfc3164.txt

///      4.1.1 PRI Part

/// </summary>

private enum FacilityEnum : int
{
    kernel      = 0,     // kernel messages

    user        = 1,     // user-level messages

    mail        = 2,     // mail system

    system      = 3,     // system daemons

    security    = 4,     // security/authorization messages (note 1)

    internally  = 5,     // messages generated internally by syslogd

    printer     = 6,     // line printer subsystem

    news        = 7,     // network news subsystem

    uucp        = 8,     // UUCP subsystem

    cron        = 9,     // clock daemon (note 2) changed to cron

    security2   = 10,    // security/authorization messages (note 1)

    ftp         = 11,    // FTP daemon

    ntp         = 12,    // NTP subsystem

    audit       = 13,    // log audit (note 1)

    alert       = 14,    // log alert (note 1)

    clock2      = 15,    // clock daemon (note 2)

    local0      = 16,    // local use 0  (local0)

    local1      = 17,    // local use 1  (local1)

    local2      = 18,    // local use 2  (local2)

    local3      = 19,    // local use 3  (local3)

    local4      = 20,    // local use 4  (local4)

    local5      = 21,    // local use 5  (local5)

    local6      = 22,    // local use 6  (local6)

    local7      = 23,    // local use 7  (local7)

}

/// <summary>

/// Severity  according to http://www.ietf.org/rfc/rfc3164.txt

///      4.1.1 PRI Part

/// </summary>

private enum SeverityEnum : int
{
    emergency  = 0,    // Emergency: system is unusable

    alert      = 1,    // Alert: action must be taken immediately

    critical   = 2,    // Critical: critical conditions

    error      = 3,    // Error: error conditions

    warning    = 4,    // Warning: warning conditions

    notice     = 5,    // Notice: normal but significant condition

    info       = 6,    // Informational: informational messages

    debug      = 7,    // Debug: debug-level messages

}

private struct Pri
{
    public FacilityEnum Facility;
    public SeverityEnum Severity;
    public Pri(string strPri)
    {
        int intPri = Convert.ToInt32(strPri);
        int intFacility = intPri >> 3;
        int intSeverity = intPri & 0x7;
        this.Facility = (FacilityEnum)Enum.Parse(typeof(FacilityEnum),
           intFacility.ToString());
        this.Severity = (SeverityEnum)Enum.Parse(typeof(SeverityEnum),
           intSeverity.ToString());
    }
    public override string ToString()
    {
        return string.Format("{0}.{1}", this.Facility, this.Severity);
    }
}

The first PRI match in the received message gets special attention.
See 'The logging in Eventlog' part for this.

...
Pri pri = new Pri(m_regex.Match(strReceived).Groups[1].Value);
...

Because syslog messages can be relayed, and a relay can add more PRI parts, every message can have more than one PRI. Every PRI is replaced by its human readable Facility.Severity pair.

/// <summary>

/// Evaluator is being used to translate every decimal Pri header in

/// a Syslog message to an 'Facility.Severity ' string.

/// </summary>

/// <param name="match">Any Pri header match in a message</param>

/// <returns />Translated Pri header to 'Facility.Severity '</returns>

private string evaluator(Match match)
{
    Pri pri = new Pri(match.Groups[1].Value);
    return pri.ToString()+" ";
}

private void Log(EndPoint endPoint, string strReceived)
{
...
string strMessage = string.Format("{0} : {1}", 
        endPoint, m_regex.Replace(strReceived, evaluator));
...
}

Translating Syslog Severity to EventLogEntryType

Windows Eventlog supports only a few useful EventLogEntryTypes: Error, Warning and Information. Every syslog Severity is mapped on one of these. This is only done to have a good discriminable part for any Sysadmin, or analyzer program which watches the Eventlog. Every syslog Severity is logged in full in the body of every Eventlog entry.

private EventLogEntryType Severity2EventLogEntryType(SeverityEnum Severity)
{
    EventLogEntryType eventLogEntryType;

    switch (Severity)
    {
        case SeverityEnum.emergency:
            eventLogEntryType = EventLogEntryType.Error;
            break;
        case SeverityEnum.alert:
            eventLogEntryType = EventLogEntryType.Error;
            break;
        case SeverityEnum.critical:
            eventLogEntryType = EventLogEntryType.Error;
            break;
        case SeverityEnum.error:
            eventLogEntryType = EventLogEntryType.Error;
            break;
        case SeverityEnum.warning:
            eventLogEntryType = EventLogEntryType.Warning;
            break;
        case SeverityEnum.notice:
            eventLogEntryType = EventLogEntryType.Information;
            break;
        case SeverityEnum.info:
            eventLogEntryType = EventLogEntryType.Information;
            break;
        case SeverityEnum.debug:
            eventLogEntryType = EventLogEntryType.Information;
            break;
        default: // ?

            eventLogEntryType = EventLogEntryType.Error;
            break;
    }
    return eventLogEntryType;
}

The logging in Eventlog

Binding this all together, logging IP-address, Port-number, PRI translated message, logging in Windows Eventlog. Nice feature to use the first PRI as a eventlog Source, because new Eventlogs can (auto) register Source types, which you can filter etc.

private void Log(EndPoint endPoint, string strReceived)
{
    Pri pri = new Pri(m_regex.Match(strReceived).Groups[1].Value);

    EventLogEntryType eventLogEntryType = 
        Severity2EventLogEntryType(pri.Severity);

    string strMessage = string.Format("{0} : {1}", 
        endPoint, m_regex.Replace(strReceived, evaluator));

    EventLog myLog = new EventLog(m_EventLog);
    myLog.Source = pri.ToString();
    myLog.WriteEntry(strMessage, eventLogEntryType);
    myLog.Close();
    myLog.Dispose();
}

Points of Interest

When building services which use the network on a Windows XP machine, you have to deal with the built-in Firewall. For opening up the internal firewall for the service, this piece of code is needed:

private void FireWall()
{
...
    Type NetFwMgrType = Type.GetTypeFromProgID("HNetCfg.FwMgr", false);
    INetFwMgr mgr = (INetFwMgr)Activator.CreateInstance(NetFwMgrType);

    Type NetFwAuthorizedApplicationType =
        Type.GetTypeFromProgID("HNetCfg.FwAuthorizedApplication", false);
    INetFwAuthorizedApplication app =
        (INetFwAuthorizedApplication)
        Activator.CreateInstance(NetFwAuthorizedApplicationType);

    app.Name = settings.ServiceName;
    app.Enabled = true;
    app.ProcessImageFileName = Assembly.GetExecutingAssembly().Location;
    app.Scope = NET_FW_SCOPE_.NET_FW_SCOPE_ALL;

    mgr.LocalPolicy.CurrentProfile.AuthorizedApplications.Add(app);
...
}

Don't forget that you have to make a reference to c:\windows\system32\hnetcfg.dll - it makes an Interop.NetFwTypeLib.dll

Syslogd In action

I'm running a Dutch version of Windows XP, nice for all other programmers to see Services and Eventlog in Dutch!!

A sample Syslog entry of my router:

History

• As of writing, it is Version 1.0

You must Sign In to use this message board.

FAQ    Noise Tolerance Very HighHighMediumLowVery Low   Layout Expand Posts & RepliesThread ViewNo JavascriptNo JS + Preview   Per page 102550

Msgs 1 to 25 of 34 (Total in Forum: 34) (Refresh) FirstPrevNext

MySQL JP Encarnacion 6:52 25 Mar '09   Hello I was wondering if there was any way to connect this to an SQL database? Thank You! Sign In·View Thread·PermaLink Re: MySQL Alphons van der Heijden 10:21 25 Mar '09   Sure, you can dump information towards an SQL database. But keep in mind logging can be a stressfull business when application go wild. Which would give a performance penalty on you database. Some way of caching could help. In the Log method, you have to change these lines: EventLog myLog = new EventLog(m_EventLog); myLog.Source = pri.ToString(); myLog.WriteEntry(strMessage, eventLogEntryType); myLog.Close(); myLog.Dispose(); Into something like this: OleDbConnection myConnection = new OleDbConnection("Provider=SQLOLEDB;Data Source=localhost;Initial Catalog=Northwind;" + "Integrated Security=SSPI;"); string myInsertQuery = "INSERT INTO LogTable (Pri, Message, EntryType) Values('" + pri + "', '" + strMessage + "' , '" + eventLogEntryType + "')"; OleDbCommand myCommand = new OleDbCommand(myInsertQuery); myCommand.Connection = myConnection; myConnection.Open(); myCommand.ExecuteNonQuery(); myCommand.Connection.Close(); You have to change the details to make it work. Cheers! sometimes I think, therefore sometimes I am Sign In·View Thread·PermaLink Re: MySQL JP Encarnacion 1:03 27 Mar '09   Thanks for the help! Sign In·View Thread·PermaLink Crash with first message received. GreatOak 4:12 7 Jan '09   I compile it, install the service, start it but as soon as I get the first log it crashes. The demo works correctly but neither the Debug nor Release compiled version works. Here is the error. Event Type: Error Event Source: .NET Runtime 2.0 Error Reporting Event Category: None Event ID: 5000 Date: 01/06/2009 Time: 17:11:52 User: N/A Computer: WHQTEC12 Description: EventType clr20r3, P1 syslogd.exe, P2 1.0.3293.29108, P3 4963c8b8, P4 system, P5 2.0.0.0, P6 4889de7a, P7 2c0b, P8 40, P9 system.net.sockets.socket, P10 NIL. Basically, what I saw in the debug is that the worker thread can't access the socket/port it is trying to. System.Net.Sockets.SocketException was unhandled Message="Only one usage of each socket address (protocol/network address/port) is normally permitted" Source="System" ErrorCode=10048 NativeErrorCode=10048 StackTrace: at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Bind(EndPoint localEP) at Syslogd.Syslogd.Worker() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() Any suggestions would be greatly appreciated. Thank you, G Sign In·View Thread·PermaLink Re: Crash with first message received. alphons 5:37 7 Jan '09   The error message is: "Only one usage of each socket address (protocol/network address/port) is normally permitted" I think you are running the program twice, is the service already running without you knowing it. Or maybe there is another service listening on port 514. You can check this by opening a prompt en type: c:\> netstat -an It gives you all the sockets in use. Hope it will help you. Maybe trying to reboot once, will solve your problem. greetings. -Alphons. Sign In·View Thread·PermaLink Re: Crash with first message received. GreatOak 6:43 7 Jan '09   Wow!!! Thanks for getting back to me so quickly! I do have something connected to 514 according to netstat but I uninstalled the service and I have rebooted my machine. So, I don't know what could be using that port... Thanks for the tip and thank you again for responding. GO... Sign In·View Thread·PermaLink Re: Crash with first message received. GreatOak 11:17 7 Jan '09   Thanks again for your help, I have a java.exe connected to port 514. I know I can change the port in the code and in the UNIX system but I tracked down the procID and successfully killed it to test the compiled version. It works perfectly. Thanks again for your help and submitting this excellent code. ~GO Sign In·View Thread·PermaLink On regular expression Member 4691255 10:24 2 Jan '09   Simple and nice. I guess it needs some tweaking for better performance. I have a question on the regular expression you're using. If I'm not mistaken the regular expression you're giving would accept a message like: "<040>.....". And if i'm not mistaken again (which i'm not), the spec of syslog says that 0 in the brackets is accepted only for the priority of value 0, that is for: "<0>.....", right? Best regards, Elias Poulogiannis Sign In·View Thread·PermaLink Re: On regular expression alphons 13:17 2 Jan '09   This project is not a parser to check if applications generate well formatted PRI messages, which I know some apps don't. Nor does it relay messages. It detects and decodes, and gets them into eventlog. Thats it. So it does not matter if it catches <040>, it is worse to miss it Sign In·View Thread·PermaLink Installation nuander 7:19 25 Jul '08   Could someone post an example of using InstallUtil with the demo? Thx Sign In·View Thread·PermaLink Re: Installation alphons 1:20 18 Sep '08   Open up a DOS prompt and type something like: > c:\windows\microsoft.net\framework\v2.0.50727\installutil.exe Syslogd.exe The version of the path depends on your active/installed .NET framework. Sign In·View Thread·PermaLink syslogd zagnut 20:09 24 Apr '08   Hi, Thanks for posting this work. I was also looking for a tool to use with my OpenWrt firmware. Works great. Nate Sign In·View Thread·PermaLink I get more than one log for each event wyx2000 14:52 18 Oct '07   mail error <19>Sent: Queue-ID: 4717f13d-000ad48f, Recipient: , Result: delivered, Status: 2.0.0 mail info <22>Sent: Queue-ID: 4717f13d-000ad48f, Recipient: , Result: delivered, Status: 2.0.0 mail error <19>Sent: Queue-ID: 4717f13d-000ad48f, Recipient: , Result: delivered, Status: 2.0.0 Sign In·View Thread·PermaLink Re: I get more than one log for each event alphons 1:39 19 Oct '07   Maybe your source is sending events more than 1 time..... The syslog program has no error, as far as I know Sign In·View Thread·PermaLink any idea how to ge host name and timestamp? wyx2000 14:30 18 Oct '07   .. Sign In·View Thread·PermaLink Re: any idea how to ge host name and timestamp? alphons 1:55 19 Oct '07   Everytime an event is logged, you have a great timestamp!!! On the hostname thing, you could use something as: using System.Net; .... string strIpAddress = ((IPEndPoint)endPoint).Address.ToString(); IPAddress hostIPAddress = IPAddress.Parse(strIpAddress); IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress); string strHostName = hostInfo.HostName.ToString(); .... Did not test it, but it should work. Sign In·View Thread·PermaLink syslogs.... ankita luniya 2:21 17 Jul '07   hi there, i am making an event management tool in C#. my project consiste of three phases i.e. evnt mgmt for windows cisco n linux. im already over with the windows part. Now i want to extend dis tool for cisco and linux i.e. syslogs. but i m just not able to do that. i saw ur code of syslog daemon...and found that it can help me. but der is a problem. C i am directing the logs from a cisco switch to my syslog server. there i even installed the syslog service. After that in the event viewer i have new category of events ....syslogs. In this there are logs but htey contain dis msg in all of dem..."local3.error %PIX-3-305005: No translation group found for udp src"..i am jus not gettin how to proceed....n how ur program can help me. please kindly guide me................i'l b highly greatful to you.............!!! Thanks in advance....!!! ankita Sign In·View Thread·PermaLink 5.00/5 (1 vote) Re: syslogs.... alphons 3:04 17 Jul '07   Hello Ankita, Thanks for asking for help. I think the syslog program is working correctly. If there is a syslogs eventlog queue, which contains these 'local3.error' messages, everything is working fine. Your your router / firewall NAT service on your Cisco is telling you, there is something you should take care of! This is the solely purpose of the syslog system. Google on '%PIX-3-305005: No translation group found for udp src' to find some answers on these messages coming from your Cisco. If it is directly related to the syslog protocol itself, you have to add some firewall rules for UDP port 514. But i'm no expert on Cisco routers, I'm sorry. Good luck. -Alphons. Sign In·View Thread·PermaLink Re: syslogs.... ankita luniya 3:33 17 Jul '07   hi... thx for the reply. but its like...i installed ur demo project. syslogd ws installed as a sevice. but when it went to the application that is syslogd.cs...it gave an error..."Only one usage of each socket address (protocol/network address/port) is normally permitted"....what is this now. although a new event type is created in my windows event viewer syslog...where all d cisco logs are entered...but y dis error. please help ankita Sign In·View Thread·PermaLink Re: syslogs.... alphons 3:43 17 Jul '07   Hello Ankita, There can only be one Service running on port 514. If there is already a program installed, you have to stop the service, en then (re)install. But this is not related to syslog, it is a socket issue. hope it will help. -Alphons. Sign In·View Thread·PermaLink Re: syslogs.... ankita luniya 3:49 17 Jul '07   hi alphons...thx 4 such a quick response.... but m really not able to understand. c i hav a cisco pix... and i have a syslog server wid a certain ip 222.222.222.222(say) now i have ur code syslog_src. what do i do to recieve the logs from this cisco pix....??? and how to analyze them....please guide me from the beginnin...m not able to understand anythin..... kindly help... ankita Sign In·View Thread·PermaLink Re: syslogs.... alphons 4:51 17 Jul '07   Hello again, The syslogd program is a logging program. It translates UDP packets to Windows event log entries. If it is started, pref. as a service. It listens on port 514 for UDP packets. So compile, or use the demo. And install the syslogd program on your server. I think you have it already running If a device, lets say a Cisco Pix is able to generate syslog messages, it has to know where to send those messages. So you have to configure, at the Cisco device, to use 222.222.222.222 as the IP number to send its syslog messages. You started this discussion, saying something like logging "local3.error %PIX-3-305005: No translation group found for udp src" messages. So I think, you already have the program running, and is doing a good job!!! Analysing the entries, is not a big deal. Only read what the message say, and Google on the message if it is an error. Hope you will understand the program / syslog system a little bit better now. -Alphons. Sign In·View Thread·PermaLink Re: syslogs.... ankita luniya 20:47 17 Jul '07   hi... yes in the cisco device all the logs are directed to this ip 222.222.222.222. and i am recieving these logs in my server in syslog category. i unzipped the demo of dis project and installed the install.cmd. after this the syslogd service wass started then i clicked on the syslogd.exe to run the application. When i did so it generated this error ................. "Cannot start the service from command line or debugger. A windows service must be first installed (using installutil.exe)and then started with the server explorer, Windows service administrative tool or the net start command" and when i compile it, it generates this error.."Only one usage of each socket address (protocol/network address/port) is normally permitted"... I am not able to understand why dis error is generated. The other thing inspite of the code generating error..the logs are logged in syslog....with the proper event types. for example th debug type is converted to information...notification is also converted to information all dis is done. y is dis happenin then? kindly guide... sorry 4 the trouble....!! ankita Sign In·View Thread·PermaLink Re: syslogs.... alphons 23:29 17 Jul '07   Hello Ankita, No trouble at all. If you ran the install.cmd the service is already started. So you don't have to run syslogd.exe manually. Thats why you are getting the error message. When compiling and running the test program, the same program tries to bind itself to the socket. But because the program already runs (as a service) and is already bind to the socket, you get the other error. Maybe I had to build in some message like: "The program is already running!!". So again, I think all is working fine now. Just read the entries in the event-log and C what you can do about it, or maybe just have a big smile, because there are no errors logged in syslog... have a wonderful day! -Alphons. Sign In·View Thread·PermaLink Re: syslogs.... ankita luniya 0:17 18 Jul '07   hey alphons... thx a ton.....!!! a real big problem is solved for me...actually m on my interns and m developin an event managemnt tool. i am already over with the windows part and now i have to proceed with the event log monitoring for cisco and linux. i tested your application with cisco pix....n gr888 it wrks.....!!! now i just hav to analyse the message part of these logs...and make the database entry accordingly. now next i would need to track the logs for unix hosts also.. i guess the same code will work for unix hosts also...right?? anyways.....a big thanx to you.......!!! i actually had no idea how to collect logs for cisco n unix....u wer a big time help to me.....!! gud day Sign In·View Thread·PermaLink 1.00/5 (1 vote)

Last Visit: 1:21 22 Nov '09     Last Update: 1:21 22 Nov '09 12 Next »