I'll add that the snare format puts concise important information after verbose
not-so-important information, so when it truncates things you lose stuff you
want.
You are far better off forwarding the logs as JSON via TCP.
David Lang
On Mon, 24 Oct 2016,
Botond Botyanszki wrote:
Hi,
I believe this is the same question posted here:
https://nxlog.co/question/2070/problems-iis-logs-and-snare-format
The answer is pretty much the same as what Marvin wrote.
Regards,
Botond
On Fri, 21 Oct 2016 17:59:41 +
Marvin Nipper wrote:
Hi. Botond will jump in if I lead you astray, but the to_syslog_snare function
is really about Windows Event transformations (to emulate the specific SNARE
_Windows OS_ agent output), and not intended to handle other event types.
I’ve never used the SNARE Epilog agent (intended for “flat file” c