Hi Botond. I know that this has been asked before, but I thought that I would
(stupidly) ask again. I see that SNARE, running on a W2K8R2 server, will fill
in the log type column for every line it generates (i.e. Security, System,
Application, DNS, etc.), but as discussed in a previous thread, nxlog is not
populating that column in the logs (when using, in my case, the to_syslog_snare
capability). I'm thinking that this information has to be available (as SNARE
obviously finds it), but because nxlog isn't populating it, it causes issues
with our upstream SIEM components.
Certainly (as you pointed out before), at least for Security events, it
could potentially be discerned from other data in the line (e.g.
"Microsoft-Windows-Security-Auditing"), but with other event types, that really
isn't possible (unless you start coding ginormously complex expressions, to
attempt to account for "every possible system or application component in the
known universe", in order to try to "guess" at the nature of the log).
So... (as if it was not already obvious), I guess I'm asking again, why it
isn't possible for nxlog to correctly discern the nature of the log source, and
always populate that value in the resulting output?
And I would question whether everything within the "Application and Services"
Event Log tree shouldn't also be tagged as an "Application" log?
Sorry, again, for asking. I'm just really trying to find a way to use nxlog to
transparently migrate away from a snare-based agent, but without it
looking "more like snare" than is currently the case, it will make that effort
significantly more difficult.
Thanks for your time and consideration.
Marvin
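As an added example (not part of Marvin's message, and not nxlog or SNARE code): a small Python normaliser that fills an empty SNARE log-type column from the provider name, using the one case the message says is reliably identifiable (Microsoft-Windows-Security-Auditing means Security) and the "Application" fallback the message proposes for everything under the "Application and Services" tree. The tab-separated column layout, the provider patterns and the sample lines are all assumptions constructed for this example; it also reports how many lines had the value inferred rather than supplied, so the guessed values can be reviewed before a SIEM relies on them.

```python
"""Fill an empty SNARE-style log-type column from the provider name.

Added example, not code from the mailing-list post, nxlog or SNARE. The column
positions are an assumption modelled on SNARE's tab-separated MSWinEventLog
layout; the provider patterns and sample lines are constructed.
"""
import re

# Assumed 0-based positions of the tab-separated columns this example uses
COL_TAG, COL_CRIT, COL_LOGTYPE, COL_COUNTER, COL_TIME, COL_EVENTID, COL_PROVIDER = range(7)

# Provider-name patterns that identify a log type (assumed). Only the Security
# case is reliably identifiable from the provider, as the message notes;
# anything unmatched falls back to "Application".
PROVIDER_RULES = [
    (re.compile(r"^Microsoft-Windows-Security-Auditing$"), "Security"),
    (re.compile(r"^Service Control Manager$"), "System"),
    (re.compile(r"^Microsoft-Windows-DNS-Server-Service$"), "DNS Server"),
]
DEFAULT_LOGTYPE = "Application"


def infer_log_type(provider):
    """Map a provider/source name to a log type, defaulting to Application."""
    for pattern, logtype in PROVIDER_RULES:
        if pattern.match(provider):
            return logtype
    return DEFAULT_LOGTYPE


def fill_log_type(line):
    """Return (line, inferred). Lines that are not SNARE-style or already carry
    a log type are returned untouched with inferred=False."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) <= COL_PROVIDER or fields[COL_TAG] != "MSWinEventLog":
        return line, False          # not a SNARE-style Windows event line
    if fields[COL_LOGTYPE].strip():
        return line, False          # agent already populated the column
    fields[COL_LOGTYPE] = infer_log_type(fields[COL_PROVIDER])
    return "\t".join(fields), True


def normalize(lines):
    """Normalise a batch; return (fixed_lines, number_of_inferred_values)."""
    out, inferred = [], 0
    for line in lines:
        fixed, did_infer = fill_log_type(line)
        out.append(fixed)
        inferred += int(did_infer)
    return out, inferred


# Constructed sample input: three lines with an empty log-type column, one
# already populated, and one non-SNARE syslog line that must be left alone.
SAMPLE_LINES = [
    "MSWinEventLog\t1\t\t42\tMon Jan 01 00:00:00 2013\t4624\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tSuccess Audit\tHOST1\tLogon\t\tAn account was successfully logged on.\t1",
    "MSWinEventLog\t1\t\t43\tMon Jan 01 00:00:01 2013\t7036\tService Control Manager\tN/A\tN/A\tInformation\tHOST1\tNone\t\tThe Print Spooler service entered the running state.\t2",
    "MSWinEventLog\t1\tSecurity\t44\tMon Jan 01 00:00:02 2013\t4634\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tSuccess Audit\tHOST1\tLogoff\t\tAn account was logged off.\t3",
    "MSWinEventLog\t1\t\t45\tMon Jan 01 00:00:03 2013\t1000\tMyLineOfBusinessApp\tN/A\tN/A\tInformation\tHOST1\tNone\t\tStarted.\t4",
    "<13>Jan  1 00:00:04 host1 sshd[123]: Accepted publickey for admin",
]

if __name__ == "__main__":
    fixed, count = normalize(SAMPLE_LINES)
    for line in fixed:
        print(line)
    print(f"{count} line(s) had the log type inferred rather than supplied")
```

The fallback to "Application" is deliberately the weakest rule: it is the message's own suggestion for the "Application and Services" tree, and the inferred count exists precisely so that an operator can see how much of the SIEM's log-type field is a guess rather than data the agent emitted.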
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users