Windoze > Linux Syslog server

Sorry about mentioning other miscreant OS's in this post, but I am currently
using a Linux Server as central Syslog server.

The question is, how do I filter (from /var/log/messages) out the multitude
of information and authentication messages that I am receiving from the
Windoze boxes?

for example
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Successful Network
Logon: User Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25B039) Logon Type:
3 Logon Process: Kerberos Authentication Package: Kerberos Workstation
Name:
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Special privileges
assigned to new logon: User Name: Domain: Logon ID: (0x0,0x25B08C)
Assigned: SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege
SeChangeNotifyPrivilege
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Successful Network
Logon: User Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25B08C) Logon Type:
3 Logon Process: Kerberos Authentication Package: Kerberos Workstation
Name:
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: User Logoff: User
Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25B08C) Logon Type: 3
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: User Logoff: User
Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25AFBA) Logon Type: 3

I would like to ignore these, but they don't (seem) to fall into the usual
Linux logging categories.

OS=FC3

Thanks

Martyn


--
--
KM

In comp.os.linux.networking KM <martyn@n0spam<.>czd<.>org <.>uk>:
> Sorry about mentioning other miscreant OS's in this post, but I am currently
> using a Linux Server as central Syslog server.

> The question is, how do I filter (from /var/log/messages) out the multitude
> of information and authentication messages that I am receiving from the
> Windoze boxes?

> for example
> Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Successful Network

Try a search (freshmeat.net) for "syslog-ng", this should allow
you to redirect each system log to a separate file.

[..]

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 10: hardware stress fractures

Michael Heiming wrote:

> In comp.os.linux.networking KM <martyn@n0spam<.>czd<.>org <.>uk>:
>> Sorry about mentioning other miscreant OS's in this post, but I am
>> currently using a Linux Server as central Syslog server.
>
>> The question is, how do I filter (from /var/log/messages) out the
>> multitude of information and authentication messages that I am receiving
>> from the Windoze boxes?
>
>> for example
>> Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Successful Network
>
> Try a search (freshmeat.net) for "syslog-ng", this should allow
> you to redirect each system log to a separate file.
>
> [..]
>
> Good luck
>
Thanks

I'll try it out

Martyn
--
--
KM