Windoze > Linux Syslog server

From: KM (martyn_at_n0spam<.)
Date: 06/30/05

• Next message: Dusty Harper {MS}: "Re: Can't talk between VPN'd client and Linux server."
• Previous message: eelco: "bad tcp cksum"
• Next in thread: Michael Heiming: "Re: Windoze > Linux Syslog server"
• Reply: Michael Heiming: "Re: Windoze > Linux Syslog server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Wed, 29 Jun 2005 23:11:14 +0100

Sorry about mentioning other miscreant OS's in this post, but I am currently
using a Linux Server as central Syslog server.

The question is, how do I filter (from /var/log/messages) out the multitude
of information and authentication messages that I am receiving from the
Windoze boxes?

for example
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Successful Network
Logon: User Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25B039) Logon Type:
3 Logon Process: Kerberos Authentication Package: Kerberos Workstation
Name:
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Special privileges
assigned to new logon: User Name: Domain: Logon ID: (0x0,0x25B08C)
Assigned: SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege
SeChangeNotifyPrivilege
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: Successful Network
Logon: User Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25B08C) Logon Type:
3 Logon Process: Kerberos Authentication Package: Kerberos Workstation
Name:
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: User Logoff: User
Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25B08C) Logon Type: 3
Jun 29 22:06:31 sirius Security: NT AUTHORITY\SYSTEM: User Logoff: User
Name: SIRIUS$ Domain: CZD Logon ID: (0x0,0x25AFBA) Logon Type: 3

I would like to ignore these, but they don't (seem) to fall into the usual
Linux logging categories.

OS=FC3

Thanks

Martyn

-- 
--
KM

---

• Next message: Dusty Harper {MS}: "Re: Can't talk between VPN'd client and Linux server."
• Previous message: eelco: "bad tcp cksum"
• Next in thread: Michael Heiming: "Re: Windoze > Linux Syslog server"
• Reply: Michael Heiming: "Re: Windoze > Linux Syslog server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: Overnight Logons ... Logon Type 3 is a logon from a different machine in the local network. ... Event Type: Success Audit ... Event Source: Security ... (microsoft.public.windows.server.sbs) Re: Overnight Logons ... Is Dwayne leaving his desktop PC running overnight? ... Logon Type 3 is a logon from a different machine in the local network. ... Event Source: Security ... (microsoft.public.windows.server.sbs) Unknown Domain user - domain authentication appears limited ... IIS or Domain problem, it appears that it is actually a security ... When I tried this on the new server configuration I received the following ... due to the following error: Logon failure: the user has not been granted the ... requested logon type at this computer. ... (microsoft.public.windows.server.security) Re: Overnight Logons ... Is Dwayne leaving his desktop PC running overnight? ... Logon Type 3 is a logon ... Event Source: Security ... (microsoft.public.windows.server.sbs) Re: Problem ... Is the account logged into more than one machine or is it running a service ... What is the possible reason? ... Logon Type: 2 ... Logon Process: User32 ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2005-06