Thanks Michael, I hear what you are saying, but our domain controllers are all still Windows Server 2003. So I don't think that's the issue.
Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com

From: "Michael B. Smith" <[email protected]>
To: "NT System Admin Issues" <[email protected]>
Date: 06-07-12 10:03 AM
Subject: RE: EvenReporter (10.1.344) as the syslog forwarder

Christopher –

The format of event logs changed in Windows 2008 and this also included a change to the format of the basic Win32_NTLogEvent. A new field called “InsertionStrings” was added that contains data which is unique to a given event log entry. The reason for this is that it represents a significant optimization in the amount of space consumed by the average event log item. Database normalization, if that means anything to you.

Tools that deal with raw Win32_NTLogEvent records need to know how to deal with this. (The only reason I know this is that I recently had to update one of my own tools for this change. It’s a simple change.)

Since EventReporter is now at version 12, if I were to guess, your version doesn’t know how to properly deal with this change. I’d be asking the question on the EventReporter forums or their support personnel.

Regards,
Michael B.

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, June 07, 2012 9:45 AM
To: NT System Admin Issues
Subject: Re: EvenReporter (10.1.344) as the syslog forwarder

Nope, not using that one. I use the free EvtSys 4.4.3

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Thu, Jun 7, 2012 at 8:57 AM, Christopher Bodnar <[email protected]> wrote:

Thought I'd throw this out there one more time:

We are using EventReporter (10.1.344) as the syslog forwarder to get the Windows security logs into our SIEM (Nitro). Anyone else using this? Problem is with resolving the SIDs and GUIDs on the domain controllers.
Thanks

Christopher Bodnar
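
What resolving SIDs and GUIDs in a forwarded event involves, as an added example that is not part of the thread and is not EventReporter's code: the record's insertion strings are filled into the message template, then raw identifiers are looked up before the line goes to the SIEM. The `%{...}` wrapper around unresolved values, the lookup table standing in for a directory query, and all sample values are assumptions constructed for illustration.

```python
import re

# %1, %2, ... placeholders in an event message template (1-based).
PLACEHOLDER = re.compile(r"%(\d+)")
# Assumption: an unresolved SID or GUID arrives wrapped as %{...}.
RAW_ID = re.compile(
    r"%\{(S-1-\d+(?:-\d+)+"
    r"|[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
)

def render(template, insertion_strings):
    """Fill the template from the record's insertion strings."""
    def fill(m):
        i = int(m.group(1)) - 1
        # Leave the placeholder visible if the record is short a string.
        return insertion_strings[i] if 0 <= i < len(insertion_strings) else m.group(0)
    return PLACEHOLDER.sub(fill, template)

def resolve_ids(text, directory):
    """Swap known SIDs/GUIDs for names; report the ones left unresolved."""
    unresolved = []
    def swap(m):
        key = m.group(1).upper()
        if key in directory:
            return directory[key]
        unresolved.append(key)
        return m.group(1)  # keep the raw value so the SIEM can still match on it
    return RAW_ID.sub(swap, text), unresolved

def forward(template, insertion_strings, directory):
    """Render one event and resolve its identifiers."""
    return resolve_ids(render(template, insertion_strings), directory)

# Constructed sample data (hypothetical domain, account and object class).
DIRECTORY = {
    "S-1-5-21-1111111111-2222222222-3333333333-1104": "EXAMPLE\\jdoe",
    "11111111-2222-3333-4444-555555555555": "exampleObjectClass",
}
TEMPLATE = "Object access by %1 on object type %2, requested by %3"
RECORD = [
    "%{S-1-5-21-1111111111-2222222222-3333333333-1104}",
    "%{11111111-2222-3333-4444-555555555555}",
    "%{S-1-5-21-1111111111-2222222222-3333333333-9999}",  # not in DIRECTORY
]

if __name__ == "__main__":
    message, missing = forward(TEMPLATE, RECORD, DIRECTORY)
    print(message)
    print("unresolved:", missing)
```

The list of unresolved identifiers is the useful output when a forwarder misbehaves on domain controllers: it shows whether the lookups fail for every value or only for specific accounts or object classes.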
