Thanks a lot to all.

We have imported the ruleset successfully. Now we try to convert/modify the CEF to LEEF.

*Fabio Danìa*
Information & Communication Technology
Authentication & Network services
*On behalf of FCA Item*
Corso Luigi Settembrini 167, Ingresso 19
10135 Torino – ITALY

On Tue, Oct 6, 2020 at 12:45 PM Andre Lorbach via rsyslog <[email protected]> wrote:

> Hi Fabio,
>
> There is no direct support to automatically convert messages into LEEF
> format, but usually we can build almost any format using our property
> engine.
> In the past, I have created a ruleset for RSyslog Windows Agent that
> outputs a proper CEF-formatted message, which looks very similar to LEEF
> format.
> You can download it from here:
> https://download.adiscon.com/configs/ruleset-cef-format.cfg
>
> It helps you get started somewhere and I can help you adapt it to LEEF if
> needed.
>
> Best regards,
> Andre Lorbach
> --
> Adiscon GmbH
> Mozartstr. 21
> 97950 Großrinderfeld, Germany
> Ph. +49-9349-9298530
> President: Rainer Gerhards
> Registration court: Mannheim, HRB 560610
> VAT ID: DE 81 22 04 622
> Web: www.adiscon.com - Mail: [email protected]
>
> > -----Original Message-----
> > From: rsyslog <[email protected]> On behalf of Fabio Dania via rsyslog
> > Sent: Monday, October 5, 2020 18:22
> > To: [email protected]
> > Cc: Fabio Dania <[email protected]>
> > Subject: [rsyslog] Request information LEEF Format
> >
> > Hi All
> > We have this version of rsyslog on a Windows machine.
> >
> > Client Version 6.2.0.284
> > Service Version 6.2.0.209
> >
> > We need to know if it's possible to use the LEEF format (instead of CEEF)
> > to send logs to a remote syslog server.
> > From the documentation it seems that LEEF is not mentioned. Is there a way
> > to use this format with rsyslog?
> >
> > Thanks in advance
> >
> > *Fabio Danìa*
> > Information & Communication Technology
> > Authentication & Network services
> > *On behalf of FCA Item*
> > Corso Luigi Settembrini 167, Ingresso 19
> > 10135 Torino – ITALY
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
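
Added example, not part of the thread and not the ruleset Andre linked: a standalone Python converter showing which parts of a CEF message have to move to produce LEEF 1.0, which is the remapping any adapted ruleset would need to express. It assumes the publicly documented header layouts (CEF: version, vendor, product, device version, event class ID, name, severity, extension; LEEF 1.0: version, vendor, product, product version, event ID, then tab-separated attributes). `KEY_MAP`, the custom `cefName` attribute and the sample message are choices made for this example.

```python
import re

# Assumed renames from CEF extension keys to LEEF predefined attribute names.
KEY_MAP = {"spt": "srcPort", "dpt": "dstPort", "suser": "usrName"}
PAIR = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")

def split_header(line):
    """Return the 7 CEF header fields (unescaped) and the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # \| and \\ are literal characters
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a complete CEF header")
    return fields, line[i:]

def parse_extension(ext):
    """Yield (key, value) pairs; values may contain spaces and escaped '='."""
    for key, raw in PAIR.findall(ext):
        value = re.sub(r"\\([=\\|])", r"\1", raw)
        yield key, value.replace("\t", " ")     # tab is the LEEF 1.0 delimiter

def cef_to_leef(line):
    fields, ext = split_header(line.strip())
    _, vendor, product, version, event_id, name, severity = fields
    # LEEF has no name/severity header slots: carry them as attributes.
    # "cefName" is a custom key chosen for this example.
    attrs = {"sev": severity, "cefName": name}
    for key, value in parse_extension(ext):
        attrs[KEY_MAP.get(key, key)] = value
    header = [f.replace("|", "_") for f in (vendor, product, version, event_id)]
    return "|".join(["LEEF:1.0"] + header) + "|" + "\t".join(
        f"{k}={v}" for k, v in attrs.items())

# Constructed sample message, not taken from the thread.
SAMPLE = (r"CEF:0|ExampleVendor|ExampleAgent|1.0|4625|Logon \| failure|7|"
          r"src=10.0.0.5 spt=51515 suser=alice msg=Login failed reason\=bad password")

if __name__ == "__main__":
    print(cef_to_leef(SAMPLE))
```

Pipes are replaced with underscores in the LEEF header fields because the pipe is the header delimiter there; tabs inside extension values are replaced with spaces for the same reason.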

