EvenMonitor2 logs Windows Event Logs in realtime and can forward the Event entries to the following destinations:
- SOAP Endpoint
File output is XML. There are several sample XSLT stylesheets included to transform the output to HTML.
New in Version 2 is XML Messaging support. You can specify a SOAP endpoint, and all Event entries will be transmitted to this endpoint. A sample WinForms Monitor Console is included. I also added WS:Security support. You can use KerberosToken (WSE2), KerberosToken2 (WSE SP2) and UsernameTokens. All Messages get encrypted and digitally signed using the selected token.
For added UsernameToken security you can hash the password with a ScopeUri prior to sending the message (the resulting password has the format H(pwd+servername).
The included binaries are compiled against WSE2 SP2.
Command Line switches:
What to log:
Choose the Eventlog to Monitor (e.g. Application, System, Security)
Filter for Event Severity (e.g. Information, Warning, Error)
Where to log:
By default all log entries will be written to the console window
Suppress console logging
Log to XML File (provide filename)
/ws (provide URI, e.g. soap.tcp://LogServer:4142/EventMonitorConsole
Log to a SOAP Endpoint via WSE2
Encrypt & Sign SOAP Messages
Use KerberosToken, the Target SPN will be constructed from the SOAP Endpoint URI
Use KerberosToken2, specify the SPN the logging console runs under
Use UsernameToken, specify the username
Use UsernameToken, specify the password
Hash the password on the client before sending to the server. The format is H(pwd+ ServerName)
Log Application log to file:
EventMonitor /log Application /out out.xml
Log to a SOAP Endpoint
EventMonitor /log Security /ws soap.tcp://LogServer:1234/EventMonitorConsole
EventMonitor /log Security /ws soap.tcp://LogServer:1234/EventMonitorConsole /priv /kerb
EventMonitor /log Security /ws soap.tcp://LogServer:1234/EventMonitorConsole /priv /spn “LoggingDemon/Domain”