Hello everyone, I wanted to pop in and say how impressed I am with nxlog. I really like the architecture and philosophy on how it is compartmentalized and tries to maintain structured data throughout the transaction. That makes perfect sense.
Anyway, I am testing out the Windows agent Snare compatibility and I noticed something that I want to make a suggestion about. The Snare format is documented in Appendix A of the Guide to Snare for Windows (http://www.intersectalliance.com/resources/Documentation/Guide_to_Snare_for_Windows-4.1.2.pdf). In reviewing the nxlog interpretation, I discovered that certain fields, such as the Snare event counter field, are stamped as N/A in nxlog. I see why. It's not really Snare so it really is N/A, but the problem is that it may not be interpreted correctly by log analysis tools.

For example, I am rewriting the Snare decoder in OSSEC and I have to account for a non-numeric field in order for nxlog-formatted Snare to work properly. I think it would be better if nxlog stuck to the expected data type and just put something like 0 in those fields.

So there's my suggestion. Thanks again for a great product and for making it open source.

-Michael

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
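As an added illustration of the decoder problem the post describes (this is example code, not nxlog's or OSSEC's), here is a small Python parser for tab-delimited Snare-for-Windows lines that coerces a non-numeric event counter such as `N/A` to `0` while keeping the raw value for audit. The column order after the `MSWinEventLog` tag is assumed from the Snare format, the sample lines are constructed, and the hostname is taken from the token immediately before the tag so that syslog-wrapped lines parse as well.

```python
"""Tolerant parser for Snare-for-Windows log lines (added example).

Not nxlog or OSSEC code. The column order after the "MSWinEventLog" tag
is an assumption based on the Snare for Windows format; sample lines are
constructed, not captured from a real host.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Tab-delimited columns following the "MSWinEventLog" tag (assumed layout).
FIELDS = [
    "criticality", "eventlog_source", "counter", "submit_time", "event_id",
    "source_name", "user", "sid_type", "eventlog_type", "computer",
    "category", "data", "expanded",
]
TAG = "MSWinEventLog"


@dataclass
class SnareEvent:
    hostname: str
    criticality: int
    eventlog_source: str
    counter: int        # normalised: "N/A" or other junk becomes 0
    counter_raw: str    # what the agent actually sent, kept for debugging
    event_id: int
    source_name: str
    user: str
    eventlog_type: str
    computer: str
    expanded: str


def to_int(value: str, default: int = 0) -> int:
    """Coerce a field to int; tolerate 'N/A', blanks and other non-numeric text."""
    try:
        return int(value.strip())
    except ValueError:
        return default


def parse_snare(line: str) -> Optional[SnareEvent]:
    """Return a SnareEvent, or None if the line is not a Snare record."""
    parts = line.rstrip("\r\n").split("\t")
    try:
        tag_idx = parts.index(TAG)
    except ValueError:
        return None
    fields = parts[tag_idx + 1:]
    if tag_idx == 0 or len(fields) < len(FIELDS):
        return None
    # The hostname is the last whitespace token before the tag; this also
    # works when a syslog "<pri>timestamp host" header precedes the record.
    head = parts[tag_idx - 1].split()
    hostname = head[-1] if head else ""
    rec = dict(zip(FIELDS, fields))
    return SnareEvent(
        hostname=hostname,
        criticality=to_int(rec["criticality"]),
        eventlog_source=rec["eventlog_source"],
        counter=to_int(rec["counter"]),
        counter_raw=rec["counter"],
        event_id=to_int(rec["event_id"], default=-1),
        source_name=rec["source_name"],
        user=rec["user"],
        eventlog_type=rec["eventlog_type"],
        computer=rec["computer"],
        expanded=rec["expanded"],
    )


def parse_many(lines: Iterable[str]) -> List[SnareEvent]:
    """Parse a batch of lines, silently skipping non-Snare records."""
    return [ev for ev in (parse_snare(line) for line in lines) if ev is not None]


# Constructed samples: native Snare layout with a numeric counter, an
# nxlog-style line with "N/A" in the counter field, the same line wrapped in
# a syslog header, and an unrelated syslog line.
SNARE_NATIVE = "\t".join([
    "WIN-DC01", TAG, "1", "Security", "1042", "Thu Oct 10 12:00:01 2013",
    "4624", "Microsoft-Windows-Security-Auditing", "N/A", "N/A",
    "Success Audit", "WIN-DC01", "Logon", "",
    "An account was successfully logged on.", "17",
])
NXLOG_STYLE = "\t".join([
    "WIN-DC01", TAG, "1", "Security", "N/A", "Thu Oct 10 12:00:02 2013",
    "4625", "Microsoft-Windows-Security-Auditing", "N/A", "N/A",
    "Failure Audit", "WIN-DC01", "Logon", "",
    "An account failed to log on.",
])
SYSLOG_WRAPPED = "<13>Oct 10 12:00:02 win-dc01 " + NXLOG_STYLE
NOT_SNARE = "<13>Oct 10 12:00:03 win-dc01 sshd[123]: Accepted publickey for ops"

if __name__ == "__main__":
    for ev in parse_many([SNARE_NATIVE, NXLOG_STYLE, SYSLOG_WRAPPED, NOT_SNARE]):
        print(ev.hostname, ev.event_id, ev.counter, repr(ev.counter_raw))
```

Keeping `counter_raw` alongside the coerced integer matters for the kind of analysis the post hints at: once the counter is forced to `0`, sequence-gap detection on that field is meaningless, so downstream logic can check the raw value to decide whether the counter is trustworthy for that source.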