1 answer

Suppress attribute question

Hello,

This is just a quick question on the following lines of a config for Nxlog. Basically, is the code suppressing all security events with the exception of those event IDs within the brackets, or are the event IDs within the brackets being suppressed?

Asked October 21, 2016 - 10:57pm
1 answer

Problems with IIS logs and snare format

Does it work to send IIS logs in snare format?

When I use the "Exec to_syslog_snare();" option in output, it sends logs like they are MSWinEvents...

<13>Oct 21 06:26:36 SRV-00-20-21 MSWinEventLog    1    N/A    17    Fri Oct 21 06:26:36 2016    N/A    N/A    N/A    N/A    N/A    N/A    N/A        N/A    N/A

Asked October 21, 2016 - 8:46am
1 answer

Pulling Check Point logs

I was reading the Enterprise Edition documentation on Check Point OPSEC LEA. Can this be done on a Windows server or do I need to use a Linux server?

Asked October 20, 2016 - 4:25pm
0 answers

Reading in ModSecurity logs using nxlog

I'm attempting to use nxlog to pull in audit files from ModSecurity. The root of the log files resides at /var/log/modsec_audit/. The actual log files are two folders lower, as modsecurity creates the folders that are timestamped by day and then minute.

Asked October 18, 2016 - 4:55pm