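Windows Registry Editor Version 5.00

; SyslogAgent (Datagram) configuration template, imported with regedit.
; Layout: the version header sits on its own line, followed by one key or
; value per line. Comments use ';', the comment marker documented for
; .reg files.
;
; NOTE(review): every value below controls where Windows event data is sent
; or whether it is sent at all. Anyone able to write to this key can redirect
; or suppress log forwarding, so keep write access limited to administrators
; and audit changes to it.

[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram]

[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent]
; Primary syslog server. It MUST be set, otherwise SyslogAgent will not start.
; It must be entered as an IP address - not a DNS name.
; 192.168.0.1 is a template value; replace it with the collector's address.
; NOTE(review): syslog on port 514 is traditionally sent in cleartext without
; authentication - confirm the transport in use and keep the path to the
; collector on a trusted network segment.
"Syslog"="192.168.0.1"

; Defaults below
; --------------

; A backup syslog server, if used.
; NOTE(review): 0.0.0.0 presumably means "no backup configured" - confirm.
"Syslog1"="0.0.0.0"

; Destination ports. The hex value 202 is the default and means port 514.
"SendToPort"=dword:00000202
"SendToBackupPort"=dword:00000202

; Look up account information, from SID to user and domain information.
; Default is yes (1). Potentially causes a large amount of traffic to the
; domain server.
"LookupAccountSID"=dword:00000001

; Comma-separated list of event IDs to filter out as uninteresting.
; Default is no filter (empty string).
; example: "EventIDFilterList"="562,565,566,836,837,4121"
; NOTE(review): an ID listed here is dropped before it leaves the host and
; cannot be recovered at the collector; check any list against detection and
; retention requirements before deploying it.
"EventIDFilterList"=""

; Should the agent ping the syslog server prior to sending messages?
; Good for laptops. hex:01 for true, hex:00 (default) for false.
; NOTE(review): if ICMP echo to the collector is blocked, enabling this
; presumably holds back forwarding - confirm before turning it on.
"UsePingBeforeSend"=hex:00

; Event log poll interval, in seconds. Default is to check every 2 seconds.
; It should not be set lower. A higher value reduces overhead.
"EventLogPollInterval"=dword:00000002

; SyslogAgent replaces carriage returns with ASCII 127 for storage; SyslogView
; then displays the 127 as a carriage return. If you are not using SyslogView
; you might want to change this to something else. 127 is 7f in hex.
; Line feed is removed by default (value 0). Set another value if desired.
; Tab is not modified by default (value 9). Set another value if desired.
; The value names below are spelled exactly as the agent expects them.
"CarrigeReturnReplacementCharInASCII"=dword:0000007f
"LineFeedReplacementCharInASCII"=dword:00000000
"TabReplacementCharInASCII"=dword:00000009

; Activate forwarding? Yes for event logs (default) and no for application
; logs (since none are configured).
"ForwardEventLogs"=hex:01
"ForwardApplicationLogs"=hex:00

; Default facility/severity settings for the Application, Security and System
; event logs follow.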
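; If the server has more event logs, another key will be added dynamically in
; the registry, with the same default settings.
;
; One key per event log. For each event type there is a pair of values:
;   "<Type>"           NOTE(review): presumably 1 = forward this event type -
;                      confirm against the SyslogAgent documentation.
;   "<Type> Priority"  facility/severity for the message. The defaults decode
;                      consistently as a syslog priority value,
;                      facility * 8 + severity.
; Severity in all three keys: Information and Audit Success = 6 (info),
; Warning = 4, Error = 3, Audit Failure = 5 (notice).
; NOTE(review): clearing a "<Type>" value, in particular "Audit Failure" under
; the Security key, would presumably stop those events from reaching the
; collector - treat such changes as a reduction in audit coverage.

; Application log: priorities decode to facility 23 (local7).
[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent\Application]
"Information"=dword:00000001
"Information Priority"=dword:000000be
"Warning"=dword:00000001
"Warning Priority"=dword:000000bc
"Error"=dword:00000001
"Error Priority"=dword:000000bb
"Audit Success"=dword:00000001
"Audit Success Priority"=dword:000000be
"Audit Failure"=dword:00000001
"Audit Failure Priority"=dword:000000bd

; Security log: priorities decode to facility 4 (security/authorization).
[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent\Security]
"Information"=dword:00000001
"Information Priority"=dword:00000026
"Warning"=dword:00000001
"Warning Priority"=dword:00000024
"Error"=dword:00000001
"Error Priority"=dword:00000023
"Audit Success"=dword:00000001
"Audit Success Priority"=dword:00000026
"Audit Failure"=dword:00000001
"Audit Failure Priority"=dword:00000025

; System log: priorities decode to facility 3 (system daemons).
[HKEY_LOCAL_MACHINE\SOFTWARE\Datagram\SyslogAgent\System]
"Information"=dword:00000001
"Information Priority"=dword:0000001e
"Warning"=dword:00000001
"Warning Priority"=dword:0000001c
"Error"=dword:00000001
"Error Priority"=dword:0000001b
"Audit Success"=dword:00000001
"Audit Success Priority"=dword:0000001e
"Audit Failure"=dword:00000001
"Audit Failure Priority"=dword:0000001d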