[nxlog-ce-users] forwarding windows EventData fields

[Ronny Vaningh]

Hi

I was just playing around with the new Sysmon tool from sysinternals.

It sticks all of its useful data in the EventData portion of the windows
event log

I wanted to use im_msvistalog to forward windows event to a central syslog
server but it seems that it is not passing on any EventData fields in the
syslog message.

What should I do in order to achieve this


Thanks


Ronny




 - <file:///C:/Users/ronaldo/AppData/Local/Temp/tmpEA3.xml#> <EventData>
   <Data Name="*UtcTime*">9/08/2014 8:56</Data>
   <Data Name="*ProcessGuid*">{00000000-E73A-53DF-0000-001xxxxx269A}</Data>
   <Data Name="*ProcessId*">9712</Data>
   <Data Name="*Image*">C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe</Data>
   <Data Name="*User*">xxxxxx</Data>
   <Data Name="*Protocol*">tcp</Data>
   <Data Name="*SourceIsIpv6*">false</Data>
   <Data Name="*SourceIp*">192.168.1.xx</Data>
   <Data Name="*SourceHostname*">xxxx</Data>
   <Data Name="*SourcePort*">46536</Data>
   <Data Name="*SourcePortName*" />
   <Data Name="*DestinationIsIpv6*">false</Data>
   <Data Name="*DestinationIp*">a.b.c.d</Data>
   <Data Name="*DestinationHostname*" />
   <Data Name="*DestinationPort*">443</Data>
   <Data Name="*DestinationPortName*">https</Data>
  </EventData>

------------------------------------------------------------------------------

_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users