2 days, and its still going. This is why we cant have nice things. -- Espi
On Fri, Apr 11, 2014 at 5:48 AM, Steven M. Caesare <[email protected]>wrote: > And now a narrative on the hijacking of the hijacking... > > > > -sc > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Ben Scott > *Sent:* Thursday, April 10, 2014 5:58 PM > > *To:* [email protected] > *Subject:* Re: [NTSysADM] Question on those working with SEIM > > > > > > This thread has now been hijacked by a discussion about the finer points > of thread hijacking. > > > > On Thu, Apr 10, 2014 at 5:01 PM, Michael B. Smith <[email protected]> > wrote: > > Unfortunately, most email clients are not smart enough to trim References > and Threading headers, when all you do is change the subject. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Andrew S. Baker > > *Sent:* Thursday, April 10, 2014 11:43 AM > *To:* ntsysadm > *Subject:* Re: [NTSysADM] Question on those working with SEIM > > > > He didn't hijack the thread, Kurt. The subject was changed. He started a > new message via a reply, but failed to trim all the excess... > > No virtual animals were harmed by this activity... > > > > > > > > *ASB**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market...* > > > > > > On Wed, Apr 9, 2014 at 4:57 PM, Kurt Buff <[email protected]> wrote: > > On Wed, Apr 9, 2014 at 7:48 AM, Ziots, Edward <[email protected]> wrote: > > I have a question is anyone using Snare Client out there on their > > servers/Domain Controllers, to send eventlog files to a SEIM? We are > being > > asked as a apart of a SIEM implementation to utilize the Snare Client to > > send the logs off to a Symantec (LCP (Log collection point). > > > > Any experiences on this front, since I have not utilized this before. > > Z, you hijacked a thread. That's a bit uncool... > > However, yes, I've used the Snare client, and it seems to work just > fine. Never had any problems with it. All I do is cast the logs to a > syslog server. Don't have an SEIM in-house yet, but I'm working on it. > > Kurt > > > > >
