Stream PAM Event Messages to Windows Event Log

To configure PAM to stream its messages to the Windows Event log, please use the following procedure.

Login to PAM server with an account that has Administrative permissions on this host. You will need to modify files.
Stop the PamManagement service.
Download the following file to the server from https://bin.xtontech.com/product/xtamcli/NTEventLogAppender.amd64.dll or https://logging.apache.org/log4j/1.2/download.html (Download log4j-1.2.17.zip from this page and extract NTEventLogAppender.amd64.dll)
Once downloaded, copy this .dll file to <SystemDrive>\Windows\System32
Move the following files from $PAM_HOME/web/webapps/xtam/WEB-INF/lib to $PAM_HOME/web/lib
- apache-log4j-extras-1.2.17.jar
- log4j-1.2.17.jar
- slf4j-api-1.7.5.jar
- slf4j-log4j12-1.7.22.jar
Delete the following files from $PAM_HOME/web/webapps/xtamWorker/WEB-INF/lib
- apache-log4j-extras-1.2.17.jar
- log4j-1.2.17.jar
- slf4j-api-1.7.5.jar
- slf4j-log4j12-1.7.22.jar

Open the following file in a text editor $PAM_HOME/web/conf/log4j.pam.properties.

Add NTEventlog to the end of the log4j.rootLogger= so that it looks like this
Copy
```
1
log4j.rootLogger=INFO, file, stdout, SYSLOG, NTEventLog
```
If you do not have Syslog configured in PAM, then it will look like this
Copy
```
1
log4j.rootLogger=INFO, file, stdout, NTEventLog
```

Add the following lines at the end of this file. You can customize the Source and ConversionPattern values as needed.

Copy

1
2
3
4
5
# Direct log messages to Windows Event Log
log4j.appender.NTEventLog=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.NTEventLog.Source=XTAM
log4j.appender.NTEventLog.layout=org.apache.log4j.EnhancedPatternLayout
log4j.appender.NTEventLog.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{3.}:%L (%t) - %m%n

Save and close the log4j.pam.properties file.
Start the PamManagement service to complete the process.