EventMonitor 2

EventMonitor2 logs Windows Event Logs in real time and can forward the Event entries to the following destinations:

  • Console
  • File
  • SOAP Endpoint

File output is XML. There are several sample XSLT stylesheets included to transform the output to HTML.

New in Version 2 is XML Messaging support. You can specify a SOAP endpoint, and all Event entries will be transmitted to this endpoint. A sample WinForms Monitor Console is included. I also added WS-Security support. You can use KerberosToken (WSE2), KerberosToken2 (WSE SP2) and UsernameTokens. All messages are encrypted and digitally signed using the selected token.

For added UsernameToken security, you can hash the password with a ScopeUri before sending the message (the resulting password has the format H(pwd+servername)).
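The scoping idea behind H(pwd+servername), as an added example that is not EventMonitor's own code: the client sends a value bound to one server name, and the server recomputes it from the stored password and its own name. The page does not name the hash function, so SHA-256, UTF-8, hex output, lower-casing of the server name and all function names here are assumptions.

```python
import hashlib
import hmac


def scoped_password(password: str, server_name: str) -> str:
    """Client side: derive H(pwd + servername).

    Assumptions (not stated on the page): SHA-256, UTF-8 encoding,
    hex output, and lower-casing the server name so that 'LogServer'
    and 'logserver' produce the same value.
    """
    data = (password + server_name.lower()).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def verify_scoped_password(received: str, stored_password: str,
                           own_server_name: str) -> bool:
    """Server side: recompute with this server's own name and compare.

    hmac.compare_digest compares in constant time, so the check does not
    leak how many leading characters matched.
    """
    expected = scoped_password(stored_password, own_server_name)
    return hmac.compare_digest(received, expected)


def concatenation_is_ambiguous() -> bool:
    """Plain pwd+servername has no separator, so different pairs can
    collide: 'secret1' + 'logserver' equals 'secret' + '1logserver'."""
    return (scoped_password("secret1", "logserver")
            == scoped_password("secret", "1logserver"))


if __name__ == "__main__":
    # Constructed sample values, not taken from the tool.
    pwd = "s3cret"
    sent = scoped_password(pwd, "LogServer")

    # The intended server accepts the value.
    print("LogServer accepts:  ", verify_scoped_password(sent, pwd, "LogServer"))
    # A different server holding the same account password rejects it,
    # because it recomputes the hash with its own name.
    print("OtherServer accepts:", verify_scoped_password(sent, pwd, "OtherServer"))
    print("Ambiguous concat:   ", concatenation_is_ambiguous())
```

The scoped value is still a password equivalent for the named server; scoping only keeps it from being accepted by a different server that shares the same account password.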

The included binaries are compiled against WSE2 SP2.

EventMonitor2.zip (52,9 KB)

Command Line switches:

What to log:

/log
Choose the Eventlog to Monitor (e.g. Application, System, Security)

/f
Filter for Event Severity (e.g. Information, Warning, Error)

Where to log:

By default all log entries will be written to the console window

/nocon
Suppress console logging

/out
Log to XML File (provide filename)

/ws
Log to a SOAP Endpoint via WSE2 (provide URI, e.g. soap.tcp://LogServer:4142/EventMonitorConsole)

Security Settings

/priv
Encrypt & Sign SOAP Messages

/kerb
Use KerberosToken, the Target SPN will be constructed from the SOAP Endpoint URI

/spn
Use KerberosToken2, specify the SPN the logging console runs under

/u
Use UsernameToken, specify the username

/p
Use UsernameToken, specify the password

/h
Hash the password on the client before sending to the server. The format is H(pwd+ServerName)

Examples:

Log Application log to file:
EventMonitor /log Application /out out.xml

Log to a SOAP Endpoint
EventMonitor /log Security /ws soap.tcp://LogServer:1234/EventMonitorConsole

Use Kerberos
EventMonitor /log Security /ws soap.tcp://LogServer:1234/EventMonitorConsole /priv /kerb
EventMonitor /log Security /ws soap.tcp://LogServer:1234/EventMonitorConsole /priv /spn "LoggingDemon/Domain"
