On 03/06/2015 01:15 PM, Botond Botyanszki wrote:
> Probably many syslog implementations are able to parse it with double
> digits but to not break standards compliance you should be only replacing
> the second, i.e. the value in snare timestamp field.
Well, for those that come along and read this
On 03/06/2015 01:15 PM, Botond Botyanszki wrote:
> The first date is the syslog header. As per RFC3164 it should have a
> single digit date:
> "If the day of the month is less
> than 10, then it MUST be represented as a space and then the
> number. For example, the 7th day of August would be
>
On 03/06/2015 01:15 PM, Botond Botyanszki wrote:
> Probably many syslog implementations are able to parse it with double
> digits but to not break standards compliance you should be only replacing
> the second, i.e. the value in snare timestamp field.
I just came across this thread and am taking a
The installer doesn't seem to support installing to a drive other than
c:. Is there an installation flag that will change this?
On 2014-08-01 13:14, Josh Vigil wrote:
> Hello,
> I am currently having issues with our SIEM (ArcSight) parsing Windows
> event logs coming in the snare format.
Are you running the latest Windows version of nxlog? There were some
Snare format fixes.
--
On 07/19/2014 09:45 AM, Botond Botyanszki wrote:
> Hi,
>
> The new release is now available from the sourceforge mirrors.
> Below is an excerpt from the ChangeLog containing changes since the
> previous release:
Thank you for nxlog.
---
I am interested in deploying the MSI in a mixed Windows environment
(that is to say, a mix of 32 and 64-bit, and pre-Vista and Vista+). Is
there a way to have a common configuration file that would serve all
needs? I know both im_msvistalog and im_mseventlog are in play, as well
as path differe
On 20.10.2013 04:15, Botond Botyanszki wrote:
> There were several earlier suggestions regarding the snare format
> produced by to_syslog_snare() and all that is not forgotten. It's just
> that polishing the snare format isn't top priority since it is an old
> looser format that the world is mo
On 10/20/2013 04:15 AM, Botond Botyanszki wrote:
> Hi,
>
> Thanks for the suggestions regarding the snare format. On one hand you
> are right that it would enhance compatibility, on the other hand N/A is
> used for all fields so we could also say that the OSSEC snare decoder
> isn't perfect
Hello everyone,
I wanted to pop in and say how impressed I am with nxlog. I really like
the architecture and philosophy on how it is compartmentalized and tries
to maintain structured data throughout the transaction. That makes
perfect sense.
Anyway, I am testing out the Windows agent Snare co