Eventlog to Syslog, originally developed by Curtis Smith at Purdue University, is a very small and efficient program to take Windows event logs and forward them as syslog messages to a syslog server. It’s last modification was done by Sherwin Faria of Rochester Institute of Technology. The current version at the time of this writing is 4.4 which was revised November 29, 2010.  The project is now available to all and is hosted at code.google.com.

Since there is both a 32-bit and a 64-bit version of this service, I have put together a little deployment script that determines the target architecture and then deploys the appropriate client.

In it’s current form, the deployment script depends on the following components to accomplish this task:

• Eventlog to Syslog executable and library
• systeminfo which is a command line program that is installed on Windows XP/2003 machines and above. Note: The systeminfo exe only has to be run from the central computer you are deploying from.
• psexec which is a Sysinternals utility and is obtainable through Microsoft’s website

There are three scripts: one to deploy the 32bit agent, one for the 64bit agent, and the other is to determine if the target is 32 or 64 bit.

The instEvtsys.cmd is executed from the source machine that is performing the deployment. The following is the contents of the instEvtsys script:

Once the determination has been made for the destination platform architecture, the appropriate deployment script is called. Here is a look at the inst64bit.cmd script:

The previous script copies the two needed files, evtsys.exe and evtsys.dll to the destination System32 directory. The evtsys executable is then run on the target machine via psexec using the switch to register it as a service and configure the IP address of the syslog server, where the messages will be sent. The final command will again use psexec and issue the ‘net start’ command for starting the evtsys service.

The following zip file contains all the scripts needed for deployment.  In addition to the contents of this file, you will need to download the evtsys executables and drop them in the appropriate deployment directories.

Evtsys deployment scripts