
Eventlog to Syslog Service for Windows

This program is written in C and provides a method of sending Windows Eventlog events to a syslog server. It works with the new Windows Events service found in Vista and Server 2008 and can be compiled for both 32-bit and 64-bit environments. Designed to keep up with very busy servers, it is fast, light, and efficient. The program is designed to run as a Windows service.

It is an adaptation of Curtis Smith's Eventlog to Syslog service, found at https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

It contains the following improvements on Smith's utility:

v4.4.3:

  • Improved performance in Server 2008 by implementing event subscriptions. Thanks to Martin for pointing me in the right direction.

v4.4.2:

  • Added support for custom tags from a server. Use the -t flag when installing (Thanks wired)
  • Added support for up to four log hosts simultaneously
  • Fix a bug that causes excessive errors when an event cannot be retrieved on Server 2008
  • Fix an issue not allowing a log level of 4 to be valid
  • Began support for configurable maximum log size. Not yet completed
  • Lightly tested TCP support has been implemented. Error checking and fault tolerance not yet finished. Documentation will be forthcoming for those who want to help test it

v4.4.1:

  • Fixed a bug in the check for the installed Windows events engine

v4.4:

  • Finally added the ability to send only specified events
  • Set Audit Failures to show as Error instead of Notice on Vista/2k8+
  • Allow user to specify the minimum severity to process
  • Added registry keys to configure the minimum severity and mode
  • The keys are LogLevel and IncludeOnly. Both are DWORD values where 0 equals disabled. See the readme for additional details.

v4.3.1:

  • Bugfix: Fixed bug where hostnames on Server 2003 and earlier were getting an extra leading space.
