Christopher -

The format of event logs changed in Windows 2008 and this also included a 
change to the format of the basic Win32_NTLogEvent. A new field called 
"InsertionStrings" was added that contains data which is unique to a given 
event log entry. The reason for this is that it represents a significant 
optimization in the amount of space consumed by the average event log item. 
Database normalization, if that means anything to you.

Tools that deal with raw Win32_NTLogEvent records need to know how to deal with 
this.

(The only reason I know this is that I recently had to update one of my own 
tools for this change. It's a simple change.)

Since EventReporter is now at version 12, if I were to guess, your version 
doesn't know how to properly deal with this change. I'd be asking the question 
on the EventReporter forums or their support personnel.

Regards,
Michael B.

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, June 07, 2012 9:45 AM
To: NT System Admin Issues
Subject: Re: EvenReporter (10.1.344) as the syslog forwarder

Nope, not using that one.

I use the free EvtSys 4.4.3
ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...



On Thu, Jun 7, 2012 at 8:57 AM, Christopher Bodnar <[email protected]> wrote:
Thought I'd throw this out there one more time:


We are using EventReporter (10.1.344) as the syslog forwarder to get the Windows 
security logs into our SIEM (Nitro). Anyone else using this? Problem is with 
resolving the SIDs and GUIDs on the domain controllers.


Thanks
Christopher Bodnar


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]
with the body: unsubscribe ntsysadmin
