sending txt logs to a remote server using snare do not show logs content
#Hello, tanks in advance . #I am sending multiple logs from windows server to a linux collector #I have no issues with windows system logs , #Seems i can not send via snare windows system logs, and test plain text logs. #Is there any way to do that?
But when i switch to snare i can see no description about the warning 2022-10-21T09:21:21+00:00 Winserver MSWinEventLog#0111#011N/A#0111#011Fri Oct 21 09:21:21 2022#011N/A#011N/A#011N/A#011N/A#011N/A#011N/A#011N/A#011#011N/A#011N/A#015
The same line with snare commented: 2022-10-21T09:18:23.208210+00:00 Winserver WARNING: Can't open file \?\C:...\UPPS\UPPS.BIN: Permission denied#015
#My config:
Panic Soft #NoFreeOnExit TRUE
define ROOT C:\App\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE%
Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data
<Extension _syslog> Module xm_syslog </Extension>
<Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension>
<Extension _exec> Module xm_exec </Extension>
<Input internal> Module im_internal Exec $Hostname = hostname_fqdn(); </Input>
<Input vistalog> Module im_msvistalog </Input>
<Input eventlog> Module im_mseventlog </Input>
<Input testFile> Module im_file SavePos True RenameCheck True Recursive True PollInterval 0.5 #near real time File "C:\test\myfile.txt" ReadFromLast True </Input>
<Output out> Module om_tcp Host linux Port 514 #Exec to_syslog_snare(); </Output>
<Route r>
Path internal, eventlog, vistalog, testFile => out
Path testFile => out </Route>
Hi Ed,
it seems you are using the wrong procedure call to convert to Syslog snare. Kindly test this configuration.
<Output out>
Module om_tcp
Host linux:514
Exec to_snare();
</Output>
I hope this helps.
Jeffron
