NTsyslog
-------------------------------------------------------------------------------
Windows NT syslog service

Copyright © 1998-1999, Jason R. Rhoads
All rights reserved.

This software may be freely copied, modified and redistributed without fee
for non-commercial purposes provided that this copyright notice is preserved
intact on all copies.

There is no warranty or other guarantee of fitness of this software. It is
provided solely "as is". The author disclaims all responsibility and
liability with respect to this software's usage or its effect upon hardware
or computer systems.

Revisions:

    09-May-1999    Version 1.1
    18-Oct-1998    Version 1.0

Description:

    This program runs as a service under Windows NT 4.0. It formats all
    System, Security, and Application events into a single line and sends
    them to a syslog(3) host.

Example:

    Oct 18 21:37:34 test1.sabernet.net security[success] Successful Logon:
    User Name:jason Domain:TEST1 Logon ID:(0x0,0x36D166) Logon Type:7
    Logon Process :User32 Authentication Package:
    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Work station Name:TEST1

The NTsyslog package is available for download at:

    http://www.sabernet.net/software/ntsyslog.exe

Installation:

    The syslog host is set by creating the following Registry entry:

        [HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet]
        "Syslog"="loghost.some.com"

    The syslog host can be specified by domain name (loghost.some.com) or
    by IP address (10.123.112.1).

    The types of event log messages sent to the syslog host can be
    configured by setting the dword value for each of the types of
    messages. All types with a non-zero value will be processed.

    The following Registry file enables all event types for each event log:

        [HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System]
        "Information"=dword:00000001
        "Warning"=dword:00000001
        "Error"=dword:00000001
        "Audit Success"=dword:00000001
        "Audit Failure"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security]
        "Information"=dword:00000001
        "Warning"=dword:00000001
        "Error"=dword:00000001
        "Audit Success"=dword:00000001
        "Audit Failure"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application]
        "Information"=dword:00000001
        "Warning"=dword:00000001
        "Error"=dword:00000001
        "Audit Success"=dword:00000001
        "Audit Failure"=dword:00000001

    The NTSyslog service must be stopped and restarted for the Registry
    settings to take effect.

    All messages are sent using the user.alert priority.

    Install the service by executing the following command:

        NTsyslog -install

    The service will be started automatically by the service control
    manager during system startup. You can start and stop the service
    manually from the Services Control Panel.

Synopsis:

    NTsyslog [ -install ] [ -remove ]

Options:

    -install    Installs the service
    -remove     Removes the service

Bug Reports:

    Please send bug reports to bugs@sabernet.net.
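
Because every message is sent with the same user.alert priority, a collector on the syslog host cannot filter on severity and has to read the event log name, the event type and the labelled fields out of the single-line text shown under Example. The Python parser below is an added example, not part of NTsyslog or its documentation; the field labels are taken only from the logon example above, and the function names (parse_line, route) are hypothetical.

```python
import re

# Layout of the README's example line:
#   <Mon DD HH:MM:SS> <host> <eventlog>[<type>] <message text>
HEADER = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<log>\w+)\[(?P<type>[^\]]+)\] (?P<text>.*)$"
)

# Labels from the README's logon example; other events carry other labels.
# "Work ?station" tolerates the stray space shown in the README's sample.
LABELS = ["User Name", "Domain", "Logon ID", "Logon Type", "Logon Process",
          "Authentication Package", "Work ?station Name"]
FIELD = re.compile(r"(?P<label>" + "|".join(LABELS) + r") ?: ?")


def parse_line(line):
    """Split one NTsyslog line into header parts and labelled fields."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # not in the NTsyslog layout; caller keeps the raw line
    event = m.groupdict()
    text = event.pop("text")
    hits = list(FIELD.finditer(text))
    # Text before the first label is the event description.
    event["summary"] = (text[:hits[0].start()] if hits else text).strip(" :")
    fields = {}
    for i, hit in enumerate(hits):
        # A value runs from the end of its label to the start of the next one.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        key = hit.group("label").replace("Work station", "Workstation")
        fields[key] = text[hit.end():end].strip()
    event["fields"] = fields
    return event


def route(event):
    """All messages share user.alert, so route on log name and event type."""
    return "%s/%s" % (event["log"].lower(), event["type"].lower())


# Sample input: the example line from the README, joined onto one line.
SAMPLE = ("Oct 18 21:37:34 test1.sabernet.net security[success] "
          "Successful Logon: User Name:jason Domain:TEST1 "
          "Logon ID:(0x0,0x36D166) Logon Type:7 Logon Process :User32 "
          "Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 "
          "Work station Name:TEST1")
```

Lines that do not match the header layout return None, so unparsed input can be kept raw instead of being dropped silently.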