Thank you very much.

Gabriele, Thanks for you assitance. That is what I was looking for. On another question, is there any large test data for Message Tracking that I could run the command against? THanks again. Nick

Sure you can do all of this! First off, it's up to you to figure out how to 'map' an exchange log entry to a syslog message. To see how mappings can be done, checkout the SYSLOG output format help in the online docs. Second, to parse only new data, checkout the "Incremental Parsing" feature, aka "checkpointing...

Hello all, I have a need to send the Exchange 2000/2003 Message Tracking logs to a syslog server. I know that you can do this with the log parser command and output to syslog, or so it seems thru my reading. Does anyone have any advice on how to do this? Some considerations are: 1) Done ever hour or...

From the documentation: SELECT TimeGenerated, CASE SourceName WHEN 'EventLog' THEN 'mark' WHEN 'Service Control Manager' THEN 'daemon' WHEN 'Print' THEN 'lpr' WHEN 'Kerberos' THEN 'auth' WHEN 'NETLOGON' THEN 'logaudit' WHEN 'Application Popup' THEN 'local7' ELSE 'local0' END AS MyFacility, CASE EventTypeName...

I like to know sample command line to dump the entire security log on to a SYSLOG server

Windows does not have a concept of facility , that's a Syslog-, Unix-only concept. You need to come up with your own mapping that decides in which instances an event has a 'local6' facility. Once you decide that, then you can use one of the examples shown in the help file. As a side note, the following...

I have the following information Source servername: xyz123 Eventlog :Security Eventlog Filtering facility: -local6 Target syslogserver: ABC123 Port:514 Target Filename: windows.log How I can retrieve the last 15 minutes data from the source server's security eventlog for the facility:local6 and send...