Hi Ronny,

I think this EventData part is not handled yet; the im_msvistalog module needs to be enhanced.

Regards,
Botond

On Sat, 9 Aug 2014 11:06:27 +0200
Ronny Vaningh <ro...@guard-it.be> wrote:

> Hi
>
> I was just playing around with the new Sysmon tool from Sysinternals.
>
> It sticks all of its useful data in the EventData portion of the Windows
> event log.
>
> I wanted to use im_msvistalog to forward Windows events to a central syslog
> server, but it seems that it is not passing on any EventData fields in the
> syslog message.
>
> What should I do in order to achieve this?
>
> Thanks
>
> Ronny
>
> <EventData>
>   <Data Name="UtcTime">9/08/2014 8:56</Data>
>   <Data Name="ProcessGuid">{00000000-E73A-53DF-0000-001xxxxx269A}</Data>
>   <Data Name="ProcessId">9712</Data>
>   <Data Name="Image">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</Data>
>   <Data Name="User">xxxxxx</Data>
>   <Data Name="Protocol">tcp</Data>
>   <Data Name="SourceIsIpv6">false</Data>
>   <Data Name="SourceIp">192.168.1.xx</Data>
>   <Data Name="SourceHostname">xxxx</Data>
>   <Data Name="SourcePort">46536</Data>
>   <Data Name="SourcePortName" />
>   <Data Name="DestinationIsIpv6">false</Data>
>   <Data Name="DestinationIp">a.b.c.d</Data>
>   <Data Name="DestinationHostname" />
>   <Data Name="DestinationPort">443</Data>
>   <Data Name="DestinationPortName">https</Data>
> </EventData>
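
As an added example (not part of the original thread and not NXLog code), this Python flattens an EventData block like the one quoted above into name/value pairs and renders them as an RFC 5424 structured-data element, escaping the backslashes that Windows paths carry. The function names, the positional key for unnamed `<Data>` elements and the SD-ID `sysmon@32473` are assumptions, and the sample XML is constructed from the quoted event.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the Sysmon network-connection event quoted above.
SAMPLE_EVENTDATA = r"""<EventData>
  <Data Name="UtcTime">9/08/2014 8:56</Data>
  <Data Name="ProcessId">9712</Data>
  <Data Name="Image">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</Data>
  <Data Name="Protocol">tcp</Data>
  <Data Name="SourcePort">46536</Data>
  <Data Name="SourcePortName" />
  <Data Name="DestinationPort">443</Data>
  <Data Name="DestinationPortName">https</Data>
</EventData>"""


def parse_eventdata(xml_text):
    """Return {Name: value} for every <Data> element, in document order."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        # Full event XML declares an xmlns, so compare the local tag name only.
        if el.tag.rsplit("}", 1)[-1] != "Data":
            continue
        # Assumption of this example: unnamed <Data> elements get a positional key.
        name = el.get("Name") or f"Data{len(fields)}"
        fields[name] = (el.text or "").strip()  # <Data Name="x" /> becomes ""
    return fields


def sd_escape(value):
    """Escape a PARAM-VALUE as RFC 5424 requires: backslash, '"' and ']'."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_structured_data(fields, sd_id="sysmon@32473"):
    """Render the fields as one SD-ELEMENT.

    sd_id is a hypothetical SD-ID; 32473 is the enterprise number reserved
    for documentation examples.
    """
    params = " ".join(f'{k}="{sd_escape(v)}"' for k, v in fields.items())
    return f"[{sd_id} {params}]"


if __name__ == "__main__":
    print(to_structured_data(parse_eventdata(SAMPLE_EVENTDATA)))
```

Empty elements such as `SourcePortName` are kept as empty strings, so every record carries the same set of keys at the receiving end.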