All,
 
I was wondering if anyone could help me with this minor issue, as its driving me mad. I have JFFNMS version 0.8.1 running on a Debian (sarge) box running just fine. I also have Syslog-ng running on the same server. I am using NTsyslog 1.3 on my Microsoft servers to forward event logs to the JFFNMS syslog-ng server, with a nice little filter set up to only forward account login failures to the MySql server.
 
Checking both my Syslog-ng server, and the actual data held in MYSQL, it shows the following line:
 
Apr 26 16:14:01 grcad000dc security[failure] 680 NT AUTHORITY\SYSTEM  Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0  Logon account:mslager  Source Workstation:CINCO155n  Error Code:0xC000006A 
 
Everything looks just peachy. However when I see the alert come over into the events, it gets truncated. This is my output from the JFFNMS events:
 
680 nt authority\system  logon attempt by: m)
 
Anyone know why it's doing that?
 
 
Thanks,
Brian Hoban

Reply via email to