When I attempt to use binary I receive the following error:
"2013-12-17 07:20:13 ERROR binary header not found in data received from 192.168.0.2, is input really binary?"
On the client:
<Output out>
    Module      om_tcp
    Host        192.168.0.200
    Port        2514
    OutputType  Binary
</Output>
On the server:
<Input tcp2-in>
    Module      im_tcp
    Host        192.168.0.200
    Port        2514
    InputType   Binary
    Exec        to_json();
</Input>
-----Original Message-----
From: Mark D. Nagel [mailto:[email protected]]
Sent: Monday, December 16, 2013 3:26 PM
To: [email protected]
Subject: Re: [nxlog-ce-users] Windows log recommendations
On 12/16/2013 2:18 PM, Paul Fontenot wrote:
> I am looking for recommendations on how to handle the following type of
> log entries
>
> 2013-12-16 14:28:41 VIDEO AUDIT_SUCCESS 540 NT AUTHORITY\ANONYMOUS LOGON Successful Network Logon:
> User Name:
> Domain:
> Logon ID: (0x0,0x2717A86)
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: VLC
> Logon GUID: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 192.168.0.29
> Source Port: 0
>
> I would like to be able to output this to look something like this
>
> 2013-12-16 14:28:41 VIDEO AUDIT_SUCCESS 540 NT AUTHORITY\ANONYMOUS LOGON Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x2717A86) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: VLC Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.29 Source Port: 0
This is not a direct answer, but we handle these logs by sending in binary
format to an nxlog server, which then saves these as JSON format. That is
flattened into a hash, fed into SEC, and then the hash is used to route and
handle events within the ruleset. It is far more complete and flexible than
trying to get this into a text format via UDP syslog. But, if you must,
then why not just use the to_syslog_snare encoder
(http://nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.html#xm_syslog_proc_parse_syslog_bsd).
Regards,
Mark
--
Mark D. Nagel, CCIE #3177 <[email protected]> Principal Consultant,
Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-646-8277
** For faster support response time, please
** email [email protected] or call 714-495-4000
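As an added illustration (not nxlog's code and not from either poster) of the two things discussed above, flattening the multi-line event 540 record into one line as Paul asked, and parsing it into a flat hash that a ruleset can route on as Mark describes, here is a small Python parser. The event text is the one quoted in the thread; the regexes, the field names and the routing predicate are assumptions made for the example.

```python
"""Parse a multi-line Windows Security event (as quoted in the thread) into a
flat dict, emit it as JSON, and reduce it to a one-line record.

Added example; not nxlog's code and not from either poster.  The event text is
the one quoted in the thread; the parsing rules and field names are assumptions.
"""
import json
import re

# Constructed sample: the event 540 record quoted in the thread, with the
# first line unwrapped and the detail lines indented as Windows writes them.
SAMPLE_EVENT = (
    "2013-12-16 14:28:41 VIDEO AUDIT_SUCCESS 540 "
    "NT AUTHORITY\\ANONYMOUS LOGON Successful Network Logon:\n"
    "    User Name:\n"
    "    Domain:\n"
    "    Logon ID: (0x0,0x2717A86)\n"
    "    Logon Type: 3\n"
    "    Logon Process: NtLmSsp\n"
    "    Authentication Package: NTLM\n"
    "    Workstation Name: VLC\n"
    "    Logon GUID: -\n"
    "    Caller User Name: -\n"
    "    Caller Domain: -\n"
    "    Caller Logon ID: -\n"
    "    Caller Process ID: -\n"
    "    Transited Services: -\n"
    "    Source Network Address: 192.168.0.29\n"
    "    Source Port: 0\n"
)

# First line: timestamp, host, audit result, event id, then the account and
# the message title.  The account name may itself contain spaces (it does
# here), so the remainder is kept as one "subject" field rather than guessed
# apart.
HEADER_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<result>AUDIT_\w+) (?P<event_id>\d+) (?P<subject>.*)$"
)
# Detail lines are "Name: value"; the value may be empty or the "-" placeholder.
DETAIL_RE = re.compile(r"^\s*(?P<name>[^:]+?):\s*(?P<value>.*?)\s*$")


def parse_event(text):
    """Return a flat dict: header fields plus one key per 'Name: value' line.
    Empty values and the '-' placeholder become None so consumers can test for
    absence instead of comparing strings.  Raises ValueError when the first
    line is not a header of the form shown in the thread."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty record")
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError("unrecognised header: %r" % lines[0])
    event = m.groupdict()
    event["event_id"] = int(event["event_id"])
    for line in lines[1:]:
        d = DETAIL_RE.match(line)
        if not d:
            # Continuation text without a 'Name:' prefix: keep it, don't drop it.
            event.setdefault("extra", []).append(line.strip())
            continue
        value = d.group("value")
        event[d.group("name")] = None if value in ("", "-") else value
    return event


def to_json(event):
    """Serialise the flat dict as a single JSON line (what an nxlog to_json()
    output is consumed as downstream)."""
    return json.dumps(event, sort_keys=True)


def flatten(text):
    """Collapse the multi-line record into one line, as the original poster
    asked: the header followed by each detail line, joined by single spaces."""
    return " ".join(l.strip() for l in text.splitlines() if l.strip())


def is_anonymous_network_logon(event):
    """Routing predicate of the kind a ruleset applies to the parsed hash:
    an event 540 network logon (type 3) by the ANONYMOUS LOGON account that
    carries a source network address.  Assumed rule, for illustration only."""
    return (
        event.get("event_id") == 540
        and event.get("Logon Type") == "3"
        and "ANONYMOUS LOGON" in event.get("subject", "")
        and event.get("Source Network Address") is not None
    )


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    print(flatten(SAMPLE_EVENT))
    print(to_json(ev))
    print("route to anonymous-logon review:", is_anonymous_network_logon(ev))
```

Running it prints the one-line form Paul wanted, the JSON document with one key per field (nulls where the event had "-" or nothing), and the result of the routing predicate, which is the step where the flat hash rather than the text line is what gets matched.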
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users