|
All,
I was wondering if anyone could help me with this minor issue, as its driving me mad. I have JFFNMS version 0.8.1 running on a Debian (sarge) box running just fine. I also have Syslog-ng running on the same server. I am using NTsyslog 1.3 on my Microsoft servers to forward event logs to the JFFNMS syslog-ng server, with a nice little filter set up to only forward account login failures to the MySql server.
Checking both my Syslog-ng server, and the actual data held in MYSQL, it shows the following line:
Apr 26 16:14:01 grcad000dc security[failure] 680 NT AUTHORITY\SYSTEM Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account:mslager Source Workstation:CINCO155n Error Code:0xC000006A
Everything looks just peachy. However when I see the alert come over into the events, it gets truncated. This is my output from the JFFNMS events:
680 nt authority\system logon attempt by: m)
Anyone know why it's doing that?
Thanks,
Brian Hoban
|
- [jffnms-users] JFFNMS Truncating syslog messages from Syslog-n... Brian Hoban
