Hi Josh,
I don't see anything wrong with your conf. It could be that ArcSight sees
something wrong in the snare input and decides to switch back to plain
syslog.
Regards,
Botond
On Mon, 4 Aug 2014 10:36:12 -0400
Josh Vigil wrote:
> For me it was a brand new installation which I used the most
For me it was a brand new installation on which I used the most current
version. For testing, I did use the old version, which gave me the same
results. For some reason the logs are being viewed as generic syslog and
not the snare formatted syslog, so ArcSight cannot parse it. Again, it came
in at one t
Hi Josh,
On Fri, 1 Aug 2014 14:14:05 -0400
Josh Vigil wrote:
> however at one time it was correctly being identified as snare and was
> parsed. Nothing has changed in the config or the endpoint.
Have you upgraded to the latest release? The enhanced snare formatter is
supposed to work better wit
On 2014-08-01 13:14, Josh Vigil wrote:
> Hello,
> I am currently having issues with our SIEM (ArcSight) parsing Windows
> event logs coming in the snare format.
Are you running the latest Windows version of nxlog? There were some
Snare format fixes.
--
Hello,
I am currently having issues with our SIEM (ArcSight) parsing Windows event
logs coming in the snare format. I have copied my config for review. For
some reason it is being viewed as generic syslog; however, at one time it was
correctly being identified as snare and was parsed. Nothing has cha