op5 SyslogAgent runs as a service under:
• Windows 2000
• Windows XP
• Windows 2003
• Windows 2008
• Windows 2008 R2
• Windows 2012
It formats all types of Windows Eventlog entries into syslog format and sends them to a syslog host (the op5 Monitor server or the op5 LogServer). The agent can also forward plaintext log files.
Introduction
The entries in the Event log are sent to the op5 LogServer or op5 Monitor server. Text-based application logs are also supported.
The op5 SyslogAgent is a repackaged version of the Datagram SyslogAgent, which is itself a bug-fixed version of Sabre Net's old NT_Syslog. The op5 SyslogAgent is licensed as GPL software.
Installation
The op5 SyslogAgent installation package consists of an MSI installer. To install, double-click the MSI file and follow the on-screen instructions.

By default, the op5 SyslogAgent is installed in an op5 subdirectory of the Program Files folder, usually:
C:\Program Files\op5\SyslogAgent\
For configuration, see the Configuration section.
Upgrading
If a prior version of the SyslogAgent is installed, its service should be stopped and uninstalled, and the old version then removed, before upgrading. This avoids problems during the upgrade. Stopping and uninstalling the service can be done from the SyslogAgent Configuration tool. Follow these steps to stop and uninstall the SyslogAgent service:
1. Start the SyslogAgent Configuration tool
2. Press the “Stop”-button (see Fig 3. in the section Configuration)
3. Press the “Uninstall”-button
After the service has been stopped and uninstalled, uninstall the previous version of the SyslogAgent from “Add/Remove software” in the Windows control panel.
Now you can proceed with the installation of the new version as usual. Note that your previous settings will be used directly when the installation is complete.
Configuration
When the configuration tool is started the following window should be displayed:
Configuring the elementary functions
To configure the elementary functions and start the SyslogAgent, follow these steps:
1 Enter the IP address in the field Syslog Server:. This should be the IP address of your op5 LogServer or op5 Monitor server.
2 Make sure the check box “Enable forwarding of event logs” is checked.
3 Press Start Service.
Your SyslogAgent is now configured and should be sending logs to your op5 LogServer or op5 Monitor server.
Configuration options
UDP delivery
This is the standard way of sending logs, using the 'best-effort' UDP protocol. If a secondary syslog server is configured, logs are sent to both addresses.
Separate ports can be configured for the primary and mirror server. Default is 514 (UDP).
UDP with Ping Delivery
With this option, the syslog server is pinged before any logs are sent. As long as the Event log is not cleared before contact can be restored, no information will be lost. The same is not necessarily true for application logs; it depends on how the particular application handles its log files.
The server is pinged every 20 seconds while the connection is successful. When a ping is unsuccessful, the agent will eventually slow down to attempting a ping every minute.
Enable forwarding of event logs
By default, syslog entries are forwarded to the syslog server. If only application logging is desired, event forwarding can be disabled.
The SyslogAgent is preconfigured with a classification of the different types of entries. These settings can be modified by choosing an event log and pressing the 'Configure event log' button. Please see advanced configuration for a detailed description of the registry settings.
Filter out EventIDs
In certain cases, it can be desirable to filter out certain Event IDs. SyslogAgent supports this: enter the Event IDs to be filtered out as a comma-separated list. A maximum of 30 Event IDs can be specified. For instance:
562,565,4132,566,836,837
Exporting configuration
All settings are stored in the registry, and can therefore be exported to a .reg file. This way the settings can be pushed out via a group policy, scripts etc. Please observe that in such an export the key 'LastRun' should be deleted before the file is copied to another computer. It is the key that lets each computer know which entries have already been sent. Not deleting this field can cause computers to not send syslog entries.
To create a .reg file, open the regedit tool, i.e. type regedit from the command line, and follow these steps:
1 Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent

2 Right-click the folder and choose export.

3 Save the file and open it by right-clicking the file and choosing edit. Remove the whole line corresponding to the keyword "LastRun" (if present).
The line can be found under the section: “[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent]”
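When the export is distributed by script or group policy, step 3 can be automated so that a stale 'LastRun' never reaches other hosts and silently suppresses their log forwarding. The following is an added example, not part of the op5 documentation or tooling: it removes "LastRun" only from the section named above, including a value that regedit wrapped over several lines. The function names, the sample value names other than LastRun, and the sample subkey are assumptions made for illustration.

```python
import re

# Section named on the page; only values directly under it are touched.
SECTION = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent]"

def strip_value(reg_text, name="LastRun", section=SECTION):
    """Drop `name` from `section` of an exported .reg text.

    Returns (cleaned_text, removed_count). A value that regedit wrapped over
    several lines (each ending in a backslash) is removed as a whole.
    """
    value_re = re.compile(r'"%s"\s*=' % re.escape(name), re.IGNORECASE)
    out, removed = [], 0
    in_section = continued = False
    for line in reg_text.splitlines(keepends=True):
        text = line.strip()
        if continued:                      # tail of a value being dropped
            continued = text.endswith("\\")
            continue
        if text.startswith("[") and text.endswith("]"):
            in_section = text.lower() == section.lower()
        elif in_section and value_re.match(text):
            removed += 1
            continued = text.endswith("\\")
            continue
        out.append(line)
    return "".join(out), removed

def clean_reg_file(src, dst):
    """Rewrite an export without LastRun (assumes regedit 5.00 UTF-16 + BOM)."""
    with open(src, encoding="utf-16", newline="") as fh:
        cleaned, removed = strip_value(fh.read())
    with open(dst, "w", encoding="utf-16", newline="") as fh:
        fh.write(cleaned)
    return removed

# Constructed sample export; value names other than LastRun and the
# ExampleSubkey section are hypothetical, not taken from the product.
SAMPLE = (
    'Windows Registry Editor Version 5.00\r\n\r\n'
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Datagram\\SyslogAgent]\r\n'
    '"Syslog"="192.0.2.10"\r\n'
    '"LastRun"=hex:01,02,03,\\\r\n'
    '  04,05\r\n'
    '"ForwardEvents"=dword:00000001\r\n\r\n'
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Datagram\\SyslogAgent\\ExampleSubkey]\r\n'
    '"LastRun"=dword:00000000\r\n'
)
```

A removed count of 0 on a file that was expected to contain the value is worth checking before deployment, since it may mean the export was taken from a different key.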