Problems with IIS logs and snare format | Log collection solutions

#1 enekoas 7 years ago

Does it work to send IIS logs in snare format ???

when i use the "Exec to_syslog_snare();" option in output, it sends logs like they are MSWinEvents...

<13>Oct 21 06:26:36 SRV-00-20-21 MSWinEventLog 1 N/A 17 Fri Oct 21 06:26:36 2016 N/A N/A N/A N/A N/A N/A N/A N/A N/A

Permalink

#2 b0ti Nxlog ✓ 7 years ago (Last updated 5 years ago )

#1 enekoas

Does it work to send IIS logs in snare format ??? when i use the "Exec to_syslog_snare();" option in output, it sends logs like they are MSWinEvents... <13>Oct 21 06:26:36 SRV-00-20-21 MSWinEventLog 1 N/A 17 Fri Oct 21 06:26:36 2016 N/A N/A N/A N/A N/A N/A N/A N/A N/A

The Snare format was designed for Windows Eventlog. Fields in IIS W3C cannot be easiliy mapped to fields in Snare, but you can do that manually.

See the description about to_syslog_snare() in the reference manual.