Hi Fabio,

There is no direct support to automatically convert messages into LEEF format, but usually we can build almost any format using our property engine. In the past, I have created a ruleset for RSyslog Windows Agent that outputs a proper CEF-formatted message, which looks very similar to LEEF format. You can download it from here: https://download.adiscon.com/configs/ruleset-cef-format.cfg
It helps you get started somewhere and I can help you adapt it to LEEF if needed.

Best regards,
Andre Lorbach

--
Adiscon GmbH
Mozartstr. 21
97950 Großrinderfeld, Germany
Ph. +49-9349-9298530
Managing Director/President: Rainer Gerhards
Registry court: Mannheim, HRB 560610
VAT ID no.: DE 81 22 04 622
Web: www.adiscon.com - Mail: i...@adiscon.com

> -----Original Message-----
> From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Fabio Dania via rsyslog
> Sent: Monday, 5 October 2020 18:22
> To: rsyslog@lists.adiscon.com
> Cc: Fabio Dania <fabio.da...@external.fcagroup.com>
> Subject: [rsyslog] Request information LEEF Format
>
> Hi All
> We have this version of rsyslog on a Windows machine.
>
> Client Version 6.2.0.284
> Service Version 6.2.0.209
>
> We need to know if it's possible using the LEEF format (instead of CEEF) to send
> logs to remote syslog server.
> From the documentation it seems that LEEF is not mentioned. Is there a way to use
> this format with rsyslog?
>
> Thanks in advance
>
> *Fabio Danìa*
> Information & Communication Technology
> Authentication & Network services
>
> *On behalf of FCA Item*
> Corso Luigi Settembrini 167, Ingresso 19
> 10135 Torino – ITALY
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond
> our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
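
What adapting CEF output to LEEF involves, as an added example that is not part of this thread and is not Adiscon's ruleset: LEEF 1.0 keeps a pipe-delimited header but has no name or severity field in it, and its attributes are separated by tabs rather than spaces. The key renames in `KEY_MAP`, the custom `eventName` key and the sample message are assumptions made for the example.

```python
import re

# Assumed, partial CEF -> LEEF key renames; extend it for the fields you send.
KEY_MAP = {"spt": "srcPort", "dpt": "dstPort", "suser": "usrName"}
# key=value pairs; a value runs until the next " key=" or the end of the line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def split_header(line):
    """Split on unescaped '|' into the 7 CEF header fields plus the extension."""
    line = line[line.find("CEF:"):] if "CEF:" in line else line  # drop syslog prefix
    fields, start, i = [], 0, 0
    while i < len(line) and len(fields) < 7:
        if line[i] == "|":
            fields.append(line[start:i])
            start = i + 1
        i += 2 if line[i] == "\\" else 1  # step over an escaped character
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF message")
    return fields, line[start:]

def unescape(value):
    """Undo CEF backslash escapes; an escaped n becomes a line break."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def clean(value, delimiter):
    """Blank out the LEEF delimiter and line breaks so a value cannot add fields."""
    for ch in (delimiter, "\r", "\n"):
        value = value.replace(ch, " ")
    return value

def cef_to_leef(line):
    """Return the LEEF 1.0 form of one CEF message."""
    (_, vendor, product, version, event_id, name, severity), ext = split_header(line)
    # 'eventName' is a custom key chosen here; 'sev' takes the CEF severity as-is.
    attrs = {"eventName": unescape(name), "sev": severity}
    for m in EXT_RE.finditer(ext):
        attrs[KEY_MAP.get(m.group(1), m.group(1))] = unescape(m.group(2))
    header = [clean(unescape(f), "|") for f in (vendor, product, version, event_id)]
    body = "\t".join(f"{k}={clean(v, chr(9))}" for k, v in attrs.items())
    return "|".join(["LEEF:1.0"] + header) + "|" + body

# Constructed sample input, not taken from the thread or the Adiscon ruleset.
SAMPLE = ("<134>Oct  5 18:22:01 host CEF:0|ExampleVendor|ExampleAgent|1.0|4625|"
          "Logon failed|5|src=10.0.0.5 spt=51514 suser=CORP\\\\alice "
          "msg=bad password\\nretry\\=3")

if __name__ == "__main__":
    print(cef_to_leef(SAMPLE))
```

Values that contain a tab or a line break are flattened to spaces before output, because the receiving parser would otherwise read the remainder as a separate attribute or event.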