What is the most human-readable format nxlog can output for Windows logs (2008 R2, if it matters)? I use Binary to get them from the client to the log server and output them in JSON format to be stored in Logstash. I'd like a human-readable output as well for taking a quick glance, sending via email, etc.
This

{"EventTime":"2014-08-07 12:33:28","Hostname":"SOMESERVER","Keywords":-9214364837600034816,"EventType":"AUDIT_SUCCESS","SeverityValue":2,"Severity":"INFO","EventID":4663,"SourceName":"Microsoft-Windows-Security-Auditing","ProviderGuid":"{54849625-5478-4994-A5BA-3E3B0328C30D}","Version":0,"Task":12800,"OpcodeValue":0,"RecordNumber":84800198,"ProcessID":4,"ThreadID":80,"Channel":"Security","Message":"An attempt was made to access an object.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tSOMESERVER$\r\n\tAccount Domain:\t\tAD-ENT\r\n\tLogon ID:\t\t0x3e7\r\n\r\nObject:\r\n\tObject Server:\tSecurity\r\n\tObject Type:\tFile\r\n\tObject Name:\tC:\\Windows\\SysWOW64\\icsxml\r\n\tHandle ID:\t0x1a0\r\n\r\nProcess Information:\r\n\tProcess ID:\t0x824\r\n\tProcess Name:\tC:\\Program Files (x86)\\Symantec\\Critical System Protection\\Agent\\IDS\\bin\\SISIDSService.exe\r\n\r\nAccess Request Information:\r\n\tAccesses:\tREAD_CONTROL\r\n\t\t\t\t\r\n\tAccess Mask:\t0x20000","Category":"File System","Opcode":"Info","SubjectUserSid":"S-1-5-18","SubjectUserName":"SOMESERVER$","SubjectDomainName":"SOMEAD","SubjectLogonId":"0x3e7","ObjectServer":"Security","ObjectType":"File","ObjectName":"C:\\Windows\\SysWOW64\\icsxml","HandleId":"0x1a0","AccessList":"%%1538\r\n\t\t\t\t","AccessMask":"0x20000","ProcessName":"C:\\Program Files (x86)\\Symantec\\Critical System Protection\\Agent\\IDS\\bin\\SISIDSService.exe","EventReceivedTime":"2014-08-07 12:33:30","SourceModuleName":"eventlog","SourceModuleType":"im_msvistalog","MessageSourceAddress":"192.168.0.1"}

isn't as easy to read as this:

<13>Aug 7 10:47:48 SOMESERVER Aug 7 10:47:47 SOMESERVER boks_sshd[13798]: Accepted keyboard-interactive/boksauth for SOMEID from 192.168.0.1 port 58193 ssh2

Paul Fontenot
Enterprise Key Management & Public Key Infrastructure | EIST&O | ETS | TOG | Wells Fargo
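The JSON above is long mostly because the Message field carries the whole multi-line event text with its \r\n and tab escapes, while the same facts are also present as separate fields (SubjectUserName, ObjectName, ProcessName, AccessList). On the nxlog side the xm_syslog extension's to_syslog_bsd() procedure emits a one-line syslog-style record; the script below, an added example that is not part of the original post or of nxlog, shows the same reduction done on the JSON after the fact: it keeps the timestamp, host, channel, EventID and audit result, and then renders the object-access fields into one line. One detail the record shows is that AccessList still holds the message-table placeholder "%%1538" even though the rendered Message already says READ_CONTROL, so the script falls back to the "Accesses:" line of Message when it sees an unresolved placeholder. The sample records are constructed from the post's 4663 event (trimmed to the fields used, with the domain made consistent) plus a minimal 4624 record added to exercise the generic fallback; the one-line format itself is this example's own choice, not an nxlog output format.

```python
"""Render nxlog im_msvistalog JSON records as one-line, syslog-style text (added example)."""
import json
from datetime import datetime

# Constructed sample input (not captured from a live system): the 4663 record from the
# post, trimmed to the fields used here. AccessList still holds the unresolved
# message-table placeholder "%%1538" while Message already says READ_CONTROL.
SAMPLE_4663 = r'''{"EventTime":"2014-08-07 12:33:28","Hostname":"SOMESERVER",
"EventType":"AUDIT_SUCCESS","EventID":4663,"Channel":"Security",
"SourceName":"Microsoft-Windows-Security-Auditing",
"Message":"An attempt was made to access an object.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tSOMESERVER$\r\n\tAccount Domain:\t\tSOMEAD\r\n\tLogon ID:\t\t0x3e7\r\n\r\nObject:\r\n\tObject Server:\tSecurity\r\n\tObject Type:\tFile\r\n\tObject Name:\tC:\\Windows\\SysWOW64\\icsxml\r\n\tHandle ID:\t0x1a0\r\n\r\nProcess Information:\r\n\tProcess ID:\t0x824\r\n\tProcess Name:\tC:\\Program Files (x86)\\Symantec\\Critical System Protection\\Agent\\IDS\\bin\\SISIDSService.exe\r\n\r\nAccess Request Information:\r\n\tAccesses:\tREAD_CONTROL\r\n\t\t\t\t\r\n\tAccess Mask:\t0x20000",
"SubjectUserSid":"S-1-5-18","SubjectUserName":"SOMESERVER$","SubjectDomainName":"SOMEAD",
"ObjectType":"File","ObjectName":"C:\\Windows\\SysWOW64\\icsxml",
"AccessList":"%%1538\r\n\t\t\t\t","AccessMask":"0x20000",
"ProcessName":"C:\\Program Files (x86)\\Symantec\\Critical System Protection\\Agent\\IDS\\bin\\SISIDSService.exe"}'''

# Constructed minimal 4624 record: no object fields, so only Message's first line is usable.
SAMPLE_4624 = r'''{"EventTime":"2014-08-07 12:40:01","Hostname":"SOMESERVER",
"EventType":"AUDIT_SUCCESS","EventID":4624,"Channel":"Security",
"Message":"An account was successfully logged on.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-0-0"}'''


def bsd_timestamp(event_time):
    """Turn nxlog's 'YYYY-MM-DD HH:MM:SS' EventTime into the space-padded BSD syslog form."""
    dt = datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S")
    return f"{dt:%b} {dt.day:2d} {dt:%H:%M:%S}"


def accesses_from(record):
    """Access names for a 4663-style record.

    AccessList is used when it holds names; a '%%NNNN' placeholder is a message-table
    index the collector did not resolve, so the already-rendered 'Accesses:' block of
    Message (one or more indented lines ending at a blank line or 'Access Mask:') is
    used instead.
    """
    raw = record.get("AccessList", "").strip()
    if raw and "%%" not in raw:
        return raw.split()
    lines = [line.strip() for line in record.get("Message", "").splitlines()]
    names = []
    for i, line in enumerate(lines):
        if line.startswith("Accesses:"):
            names.extend(line[len("Accesses:"):].split())
            for follow in lines[i + 1:]:
                if not follow or follow.startswith("Access Mask:"):
                    break
                names.extend(follow.split())
            break
    return names or ([raw] if raw else [])


def summarize(record):
    """Compact description: object-access detail when present, else Message's first line."""
    who = ""
    if record.get("SubjectUserName"):
        who = (f"{record.get('SubjectDomainName', '')}\\{record['SubjectUserName']} "
               f"({record.get('SubjectUserSid', '?')}) ")
    if record.get("ObjectName"):
        return (who + "+".join(accesses_from(record)) +
                f" on {record.get('ObjectType', 'object')} {record['ObjectName']}"
                f" via {record.get('ProcessName', '?')}")
    first = record.get("Message", "").splitlines()[:1]
    return (who + (first[0].strip() if first else "")).strip()


def to_syslog_line(record):
    """One BSD-syslog-style line: 'Mon dd HH:MM:SS host Channel[EventID] EventType: summary'."""
    return (f"{bsd_timestamp(record['EventTime'])} {record['Hostname']} "
            f"{record.get('Channel', 'Windows')}[{record['EventID']}] "
            f"{record.get('EventType', '')}: {summarize(record)}")


def render(raw_json):
    """Parse one nxlog JSON record (as emitted by xm_json) and render it as a single line."""
    return to_syslog_line(json.loads(raw_json))


if __name__ == "__main__":
    for raw in (SAMPLE_4663, SAMPLE_4624):
        print(render(raw))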
_______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users