Hi,
I was just playing around with the new Sysmon tool from Sysinternals.
It sticks all of its useful data in the EventData portion of the Windows
event log.
I wanted to use im_msvistalog to forward Windows events to a central syslog
server, but it seems that it is not passing on any EventData fields in the
syslog message.
What should I do in order to achieve this?
Thanks
Ronny
<EventData>
  <Data Name="UtcTime">9/08/2014 8:56</Data>
  <Data Name="ProcessGuid">{00000000-E73A-53DF-0000-001xxxxx269A}</Data>
  <Data Name="ProcessId">9712</Data>
  <Data Name="Image">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</Data>
  <Data Name="User">xxxxxx</Data>
  <Data Name="Protocol">tcp</Data>
  <Data Name="SourceIsIpv6">false</Data>
  <Data Name="SourceIp">192.168.1.xx</Data>
  <Data Name="SourceHostname">xxxx</Data>
  <Data Name="SourcePort">46536</Data>
  <Data Name="SourcePortName" />
  <Data Name="DestinationIsIpv6">false</Data>
  <Data Name="DestinationIp">a.b.c.d</Data>
  <Data Name="DestinationHostname" />
  <Data Name="DestinationPort">443</Data>
  <Data Name="DestinationPortName">https</Data>
</EventData>
------------------------------------------------------------------------------
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users