You can get the advice from IT HELP DESK

SYSTEM[WINDOW] evtsys Installation Guide

Robert
18 Jan 2019
<head>Disk Management, Server Monitoring, System management, server monitoring, server management, system management, system monitoring, </head>

[WINDOW] evtsys Installation Guide 


Hello ~!

Today we will tell you how to install evtsys in the window!


On Windows systems, since it does not support its own syslog like Linux or Unix series, you can send event log in syslog format only by installing Agent. 

evtsys is a tool that sends event log (event log) generated from Windows server to the syslog server in real timeIt is the most commonly used tool because it is simple to install and use.


Below is Installation guide. 



1. Download the installation file

You can download at here


Download the file that matches with your Windows version (32 bit/64 bit) are using in the link above.

Large Packets can send syslogs up to 4,096 Bytes in length, and the default version can send up to 1,024 Bytes. Please note that if the message is sent over 1,024 bytes in the default version, the log may be truncated and collected.


2. Installing evtsys

     ① After decompressing the downloaded file.

     ② Execute cmd with administrator authority .

     ③ Move to the decompressed path. Please move the compressed file to C: \ .

     ④ Please input the following command.

evtsys  - i  - h  [ server IP to send logs to ] -l <level num> 

Optional: 

  • -i : install
  • -h: If you want to send syslog to the IP you want to send to several servers, use; to distinguish IP.
  • -l : Set log level for transmission


Log level
Explanation
0
All/Verbose
1
Critical
2
Error
3
Warning
4
Info


* Note

The options for evtsys are: You can give different settings for evtsys installation by referring to the following.

evtsys -i|-u|-d [-h host[;host2;...]] [-f facility] [-p port] [-t tag] [-s minutes] [-q bool] [-l level] [-n] [-a]

Optional:

  • -i: Install
  • -u: Uninstall
  • -d: Debug: Run only in console program
  • -a: Use IP address or fqdn for syslog messages
  • -h: Server IP (host) input to forward syslog. If you enter multiple servers, separate them with;
  • -f: syslog facility level (default: daemon)
  • -l: Minimum level of syslog
  • -n: For Win9x/Server 2003 only. Only the event log specified in the config file is sent
  • -p: syslog port (default: 514)
  • -q: DHCP server query (0/1 = disable/enable)
  • -t: Include tag
  • -s: Interval between messages (0 = disable)



3. Start the evtsys service

     ① Execute cmd with administrator authority .

     ② Please input the following command.

net start evtsys



4. Stop the service 

     ① Execute cmd with administrator authority .

     ② Please input the following command.

net stop evtsys



5. Delete the service 

- Please stop and delete the service. 

     ① Execute cmd with administrator authority .

     ② Please input the following command.

     ③ Delete the file from C:\ (uncompressed path).   

evtsys -u


The screen after executing the above command is as follows.


You can see if evtsys is working properly in [Services].

The startup type is automatically installed, but if not, please set it up automatically .


If you use the evtsys option appropriately, you can collect logs in any direction.

Leave your comment on the question! ~! ~!