On 12/16/2013 2:18 PM, Paul Fontenot wrote:
> I am looking for recommendations on how to handle the following type log
> entries
>
> 2013-12-16 14:28:41 VIDEO AUDIT_SUCCESS 540 NT AUTHORITY\ANONYMOUS LOGON
> Successful Network Logon:
>         User Name:
>         Domain:
>         Logon ID:               (0x0,0x2717A86)
>         Logon Type:     3
>         Logon Process:  NtLmSsp
>         Authentication Package: NTLM
>         Workstation Name:       VLC
>         Logon GUID:     -
>         Caller User Name:       -
>         Caller Domain:  -
>         Caller Logon ID:        -
>         Caller Process ID: -
>         Transited Services: -
>         Source Network Address: 192.168.0.29
>         Source Port:    0
>
> I would like to be able to output this to look something like this
>
> 2013-12-16 14:28:41 VIDEO AUDIT_SUCCESS 540 NT AUTHORITY\ANONYMOUS LOGON
> Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x2717A86) Logon
> Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation
> Name: VLC Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon
> ID: - Caller Process ID: - Transited Services: - Source Network Address
> 192.168.0.29 Source Port: 0

This is not a direct answer, but we handle these logs by sending them in binary
format to an nxlog server, which then saves them in JSON format. That is
flattened into a hash, fed into SEC, and then the hash is used to route and
handle events within the ruleset. It is far more complete and flexible than
trying to get this into a text format via UDP syslog. But, if you must, then
why not just use the to_syslog_snare encoder
(http://nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.html#xm_syslog_proc_parse_syslog_bsd).

Regards,
Mark

-- 
Mark D. Nagel, CCIE #3177 <mna...@willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-646-8277

** For faster support response time, please
** email supp...@willingminds.com or call 714-495-4000

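The two approaches in the thread (flatten the entry into one line for syslog, or parse it into a hash of fields and route on those) can be tried offline on the event Paul posted. The following is an added example, not code from the original thread, nxlog or SEC: it assumes the header layout shown in the sample (timestamp, host, audit type, event ID, account) and invents the field names `hostname`, `account`, `description` and the helper names `parse_event`, `flatten`, `to_json` and `anonymous_ntlm_network_logon`. The sample event is the one from the post, embedded as constructed input.

```python
import json
import re

# Constructed sample: the event 540 entry from the post, as it arrives as one
# multi-line record from a Snare-style Windows agent.
SAMPLE_EVENT = r"""2013-12-16 14:28:41 VIDEO AUDIT_SUCCESS 540 NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
        User Name:
        Domain:
        Logon ID:               (0x0,0x2717A86)
        Logon Type:     3
        Logon Process:  NtLmSsp
        Authentication Package: NTLM
        Workstation Name:       VLC
        Logon GUID:     -
        Caller User Name:       -
        Caller Domain:  -
        Caller Logon ID:        -
        Caller Process ID: -
        Transited Services: -
        Source Network Address: 192.168.0.29
        Source Port:    0
"""

# Header layout assumed from the sample: "<timestamp> <host> <audit type> <event id> <account>".
HEADER_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<audit>AUDIT_\w+) "
    r"(?P<event_id>\d+) "
    r"(?P<account>.*)$"
)


def flatten(raw):
    """Option 1 (what the question asks for): collapse the multi-line entry
    into a single line by turning every whitespace run, newlines included,
    into one space. Field values such as '-' and '(0x0,0x2717A86)' survive."""
    return " ".join(raw.split())


def parse_event(raw):
    """Option 2 (what the reply describes): parse the entry into a flat dict
    ("hash") keyed by normalised field name, so a ruleset can route on fields
    rather than on substrings of a long line."""
    lines = raw.strip().splitlines()
    match = HEADER_RE.match(lines[0])
    if not match:
        raise ValueError("unrecognised header line: %r" % lines[0])
    event = match.groupdict()
    event["event_id"] = int(event["event_id"])
    # Second line is the event description, e.g. "Successful Network Logon:".
    event["description"] = lines[1].strip().rstrip(":") if len(lines) > 1 else ""
    for line in lines[2:]:
        line = line.strip()
        if not line:
            continue
        # Split on the first colon only; values like "(0x0,0x2717A86)" contain none,
        # but splitting on the first keeps any later colon inside the value.
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower().replace(" ", "_")
        event[key] = value.strip()  # empty fields become "", absent ones stay "-"
    return event


def to_json(event):
    """Serialise the flat dict the way an nxlog JSON output would hand it on."""
    return json.dumps(event, sort_keys=True)


def anonymous_ntlm_network_logon(event):
    """Routing predicate on the parsed fields (hypothetical rule name): an
    event 540 network logon (type 3) over NTLM by NT AUTHORITY\\ANONYMOUS LOGON,
    which is a null-session style logon worth sending to a review queue."""
    return (
        event.get("event_id") == 540
        and event.get("logon_type") == "3"
        and event.get("authentication_package") == "NTLM"
        and event.get("account", "").upper().endswith("ANONYMOUS LOGON")
    )


if __name__ == "__main__":
    print(flatten(SAMPLE_EVENT))
    parsed = parse_event(SAMPLE_EVENT)
    print(to_json(parsed))
    print("route to review:", anonymous_ntlm_network_logon(parsed))
```

Running it prints the one-line form first, then the JSON hash, then the routing decision. The `partition(":")` split is what makes the flattened single line recoverable: once the entry is a hash, the ruleset matches on `logon_type` and `source_network_address` instead of on column positions in a line that a UDP syslog path may also truncate.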

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
