
Windows syslog

Can anyone tell me which data field is used to look at the windows syslog? Looking to track and alert when a user logs onto a server.

Re: Windows syslog

Joshua,

The long and short name of the Syslog record is "Syslog". The syslog message itself is broken into Message1, Message2 and so on (if it's longer than 254).

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib

Re: Windows syslog

Hey Shoaib,

I'm working on building a screen. What option is that nested under? NtSystem, NtServer? I'm having trouble locating it.

Re: Windows syslog

It would be under 'All' records, when you add a new window or update a record definition.

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib

Re: Windows syslog

You'll also need to set up the SYSLOG configuration, as well as configure the remote server to send syslog to Prognosis.

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib

Re: Windows syslog

Syslog doesn't show up as a data field under ALL for me. I'm using 11.3 on a Windows server. We have 1 managing node and a number of managed nodes (some Windows and some AIX).

Re: Windows syslog

My bad, I did not mention that it is a licensed product. I am assuming you don't have "SLG" in the license you have? If not, I'd suggest requesting an updated license. I am pretty sure it is part of the core and doesn't have additional cost.

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib

Re: Windows syslog

Thanks. I've reached out to our sales rep for more info on that.

Re: Windows syslog

Josh, try MPEvent too. It is different from the SysLog license and, if I recall right, users RDP'ing into the server are logged there. I think they used to be, anyway, when I ran Postilion as a customer.

A lot of our licensing has license codes embedded into it, so you might not see "SLG" explicitly outlined in the license even if you do have it, but I don't think that is embedded by default in Postilion. MpEvent, I think, might meet your needs. It just isn't all Windows events and has some sort of filter on it.

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Sr. Services Solution Engineer, Payments & Infrastructure – MSci. PA, CISSP, ITIL.
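As an added illustration (not code from the thread or from Prognosis), the snippet below models the Syslog record layout Shoaib describes (one message split into Message1, Message2, ... fields of up to 254 characters), reassembles it, and flags the interactive logon events this thread is trying to alert on. The event text is constructed, and the field and regex names are assumptions for the example.

```python
import re

# Field width described in the reply above: the record carries the syslog
# text as Message1, Message2, ... chunks of up to 254 characters.
CHUNK = 254


def split_message(text, width=CHUNK):
    """Model the record: return {'Message1': ..., 'Message2': ...}."""
    parts = [text[i:i + width] for i in range(0, len(text), width)] or [""]
    return {f"Message{n}": p for n, p in enumerate(parts, start=1)}


def join_message(record):
    """Reassemble the full text from the numbered fields, in order."""
    keys = sorted((k for k in record if k.startswith("Message")),
                  key=lambda k: int(k[len("Message"):]))
    return "".join(record[k] for k in keys)


# Windows Security event 4624 is a successful logon; Logon Type 10 is an
# RDP (RemoteInteractive) session, Logon Type 2 is a console logon.
LOGON = re.compile(r"EventID=(?P<id>\d+).*?Logon Type:\s*(?P<type>\d+).*?"
                   r"Account Name:\s*(?P<user>\S+)", re.S)


def logon_alert(text):
    """Return (user, kind) for a 4624 logon event, else None."""
    m = LOGON.search(text)
    if not m or m.group("id") != "4624":
        return None
    kind = {"10": "RDP", "2": "console"}.get(m.group("type"), "other")
    return (m.group("user"), kind)


# Constructed sample: a forwarded 4624 event long enough to span two fields.
SAMPLE = ("EventID=4624 An account was successfully logged on. "
          "Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - "
          "Logon Type: 10 New Logon: Security ID: S-1-5-21-CONSTRUCTED "
          "Account Name: jdoe Account Domain: CORP Logon ID: 0x3E7 "
          "Network Information: Workstation Name: WS01 "
          "Source Network Address: 10.0.0.5")

if __name__ == "__main__":
    record = split_message(SAMPLE)           # Message1 + Message2
    print(logon_alert(join_message(record)))  # match on the rebuilt text
```

Matching on the reassembled text rather than on Message1 alone matters, because the 254-character split can land in the middle of the field you are keying on.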

Re: Windows syslog

Thanks Christopher. I realized I was over-complicating things. I used MPEvent and have the threshold all set.