Greetings, I'm using Ossec virtual appliance on a VM and set up a windows 2008 server to send audit logs on share usage by users in domain. Everything is working fine, but the gathered logs displayed incorrect -
2015 Mar 27 12:50:42 WinEvtLog: Security: AUDIT_FAILURE(5145): Microsoft-Windows-Security-Auditing: (no user): no domain: Hyper-V.ias.su: S-1-5-21-2832557239-2908104349-351431359-2274 e.beliakow IAS 0x1c83c3ea0 File 192.168.8.6 56002 \\\\*\\HotSMS \\??\\C:\\Folders\\HotSMS \xC1\xE5\xEB\xFF\xEA\xEE\xE2 \xC5\xE2\xE3\xE5\xED\xE8\xE9\\+ Mars April\\9AA1D4E6.tmp 0xc0080 %%1539\r In kibana web form i expected the path to be displayed in cyrillic (CP1251), but the path to file in share is using utf8. When i tried iconv the current ossec log file from utf8 to cp1251 - i've got the file translated correctly and the full path in cyrillic So my question is - how to fix this? I just want my share path to be displayed correctly in cyrillic within Kibana. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
