Re: [rsyslog] Please help with Snare Format

2012-11-30 Thread jdguingao
David, thank you for your help. I already solved the problem. This message is part of the syslog tag: MSWinEventLog0 Security957 Fri. So I just use this command to extract the security field: syslogtag:F:3. Again, thank you for all your help. Cheers, Jong
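The field pick the thread settles on, `syslogtag:F:3`, as an added Python example (not code from the thread or from rsyslog): it reproduces rsyslog's tab-delimited, 1-indexed `F:n` extraction on the sample line from the thread. The restored TAB separators, the `#011` escape form and the Snare field names beyond "Security" are assumptions.

```python
import re

# Constructed sample: the Snare line quoted in the thread, with the TAB
# separators restored (the list archive collapsed them).
SNARE_LINE = (
    "2012-11-30T02:41:46+08:00 CX-CDOWKSMIS003.ph.gbsorg.net "
    "MSWinEventLog\t0\tSecurity\t491\tFri Nov 30 02:41:44 2012\t4689\t"
    "Microsoft-Windows-Security-Auditing\tPH\\CX-CDOWKSMIS003$\tN/A\t"
    "Success Audit"
)
# The syslogtag as the thread reports rsyslog extracted it: the tag ends at
# the first space, so it holds only the first five tab-separated fields.
SNARE_TAG = "MSWinEventLog\t0\tSecurity\t957\tFri"

# With $EscapeControlCharactersOnReceive on, rsyslog rewrites each control
# character as '#' plus its three-digit octal code, so TAB appears as '#011'.
TAB_OR_ESCAPED = re.compile(r"\t|#011")

# Snare's field order after the hostname (assumed here; the thread only
# names the 'Security' field, which is EventLogSource). 'Marker' is a name
# chosen for the literal 'MSWinEventLog' token.
SNARE_FIELDS = ("Marker", "Criticality", "EventLogSource", "SnareCounter",
                "DateTime", "EventID", "SourceName", "UserName", "SIDType",
                "EventLogType", "ComputerName", "CategoryString",
                "DataString", "ExpandedString", "MD5")

def snare_field(text, n):
    """n-th tab-delimited field, 1-indexed like rsyslog's %prop:F:n%.
    Accepts raw TABs or the '#011' escape; returns None when out of range."""
    fields = TAB_OR_ESCAPED.split(text)
    return fields[n - 1] if 1 <= n <= len(fields) else None

def parse_snare(line):
    """Map a full Snare syslog line to named fields. The header (timestamp,
    hostname) is split on spaces; the rest, from 'MSWinEventLog' on, on TABs."""
    timestamp, host, payload = line.split(" ", 2)
    fields = TAB_OR_ESCAPED.split(payload)
    if fields[0] != "MSWinEventLog":
        raise ValueError("not a Snare MSWinEventLog record")
    record = {"timestamp": timestamp, "host": host}
    record.update(zip(SNARE_FIELDS, fields))
    return record

if __name__ == "__main__":
    print(snare_field(SNARE_TAG, 3))            # Security
    print(parse_snare(SNARE_LINE)["EventID"])  # 4689
```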

Re: [rsyslog] Please help with Snare Format

2012-11-29 Thread jdguingao
Will it still force escape even if I use this directive: $EscapeControlCharactersOnReceive off?

Re: [rsyslog] Please help with Snare Format

2012-11-29 Thread jdguingao
Thanks for the help, David and Dan. What I am thinking now is to use the pmsnare module to test if I can extract that field, but my installation of rsyslog does not have it. I use the RPM that the rsyslog team provided on their website. Is there any way to upload a module to my existing rsyslog instal

Re: [rsyslog] Please help with Snare Format

2012-11-29 Thread jdguingao
I will enclose in curly braces the message that I want to extract: 2012-11-30T02:41:46+08:00 CX-CDOWKSMIS003.ph.gbsorg.net MSWinEventLog 0 {Security}491 Fri Nov 30 02:41:44 20124689 Microsoft-Windows-Security-Auditing PH\CX-CDOWKSMIS003$ N/A Success Audit

Re: [rsyslog] Please help with Snare Format

2012-11-29 Thread jdguingao
I want to mimic the standard Event Log data that I can see in PhpLogcon. I have borrowed a template from a user in the rsyslog forum. Here is the link: kb.monitorware.com/post20457.html#p20457, and I want to extract this field 2012-11-30T02:41:46+08

[rsyslog] Please help with Snare Format

2012-11-29 Thread jdguingao
Hi All, please help me with how to extract the security fields in this message using regex or any other method. Here is a sample log from Snare: 2012-11-30T02:41:46+08:00 CX-CDOWKSMIS003.ph.gbsorg.net MSWinEventLog 0 Security491 Fri Nov 30 02:41:44 20124689 Microsoft-Win