Send Exchange SMTP Logs To Syslog Server
"Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®."
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
Run in batchfile from Windows Scheduled tasks every (day/hour/other)
Exchange.Syslog.smtp.bat
LogParser.exe file:Queryexchange.sql -i:IISW3C -iCheckPoint:cp.txt -o:SYSLOG
Queryexchange.sql
SELECT TO_TIMESTAMP(date, time),c-ip,cs-username,s-sitename,s-computername,s-ip,s-port,cs-method,cs-uri-stem,cs-uri-query,sc-status,sc-win32-status,sc-bytes,cs-bytes,time-taken,cs-version,cs-host,cs(User-Agent),cs(Cookie),cs(Referer)
INTO @syslogserver.com:514
FROM L:\log\SMTPSVC1\*.log
Looks nice in Splunk ;)
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
Run in batchfile from Windows Scheduled tasks every (day/hour/other)
Exchange.Syslog.smtp.bat
LogParser.exe file:Queryexchange.sql -i:IISW3C -iCheckPoint:cp.txt -o:SYSLOG
Queryexchange.sql
SELECT TO_TIMESTAMP(date, time),c-ip,cs-username,s-sitename,s-computername,s-ip,s-port,cs-method,cs-uri-stem,cs-uri-query,sc-status,sc-win32-status,sc-bytes,cs-bytes,time-taken,cs-version,cs-host,cs(User-Agent),cs(Cookie),cs(Referer)
INTO @syslogserver.com:514
FROM L:\log\SMTPSVC1\*.log
Looks nice in Splunk ;)
posted by Niklas Eriksson at 18:15
0 Comments:
Skicka en kommentar
<< Home