Accesses to AccessList mapping


#1 opoplawski

I'm sending im_msvistalog messages to Splunk via to_json(). I'm ending up with a field AccessList like:

AccessList: %%4423

which I assume is some kind of mapping of:

Access Request Information: Accesses: ReadAttributes

from the “Message” component.  Is that right?  If so, it's fairly obscure.  Is there some way to preserve “Accesses” as is?  What is “AccessList” trying to tell me?  Is there somewhere I can go to decode it?

#2 gahorvath Nxlog ✓

Hi,

I spent some time trying to figure out if the relationship between AccessList and Access Request Information is documented by Microsoft, but I found no trace of it.

I'll take a second look at it in January. 

NXLog EE has an option called CaptureEventXML that might help with this, but I am not sure. 

You could give NXLog EE a try and see if the data you want is accessible using CaptureEventXML.

https://nxlog.co/downloads/nxlog-ee
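
For the decoding asked about in #1, an added example (not from either poster and not NXLog code): a post-processor for to_json() output that expands the `%%NNNN` tokens in AccessList into names while keeping the raw field. The code table is the file-system and standard access-rights list from Microsoft's description of Security event 4663, not from this thread; codes for other object types are not covered, and the output field names `Accesses` and `AccessListUnknown` are hypothetical.

```python
import json
import re

# Access-right message IDs for file objects plus the standard rights.
# Assumption: taken from Microsoft's event 4663 description, not from the thread.
ACCESS_CODES = {
    "%%1537": "DELETE",
    "%%1538": "READ_CONTROL",
    "%%1539": "WRITE_DAC",
    "%%1540": "WRITE_OWNER",
    "%%1541": "SYNCHRONIZE",
    "%%1542": "ACCESS_SYS_SEC",
    "%%4416": "ReadData (or ListDirectory)",
    "%%4417": "WriteData (or AddFile)",
    "%%4418": "AppendData (or AddSubdirectory or CreatePipeInstance)",
    "%%4419": "ReadEA",
    "%%4420": "WriteEA",
    "%%4421": "Execute/Traverse",
    "%%4422": "DeleteChild",
    "%%4423": "ReadAttributes",
    "%%4424": "WriteAttributes",
}
CODE_RE = re.compile(r"%%\d+")

def decode_access_list(value):
    """Return (names, unknown_codes) for a raw AccessList string."""
    names, unknown = [], []
    for code in CODE_RE.findall(value or ""):
        if code in ACCESS_CODES:
            names.append(ACCESS_CODES[code])
        else:
            unknown.append(code)  # keep codes we cannot map, never guess
    return names, unknown

def enrich(line):
    """Add Accesses (hypothetical field name) to one JSON event; keep AccessList."""
    event = json.loads(line)
    if "AccessList" in event:
        names, unknown = decode_access_list(event["AccessList"])
        event["Accesses"] = names
        if unknown:
            event["AccessListUnknown"] = unknown
    return event

# Constructed sample events shaped like to_json() output; %%9999 is a made-up code.
SAMPLE = [
    '{"EventID": 4663, "ObjectType": "File", "AccessList": "%%4423\\r\\n\\t\\t\\t\\t"}',
    '{"EventID": 4656, "ObjectType": "File", "AccessList": "%%1538\\r\\n\\t\\t\\t\\t%%4416\\r\\n\\t\\t\\t\\t%%9999"}',
]
if __name__ == "__main__":
    for raw in SAMPLE:
        print(json.dumps(enrich(raw)))
```

Unmapped codes are reported separately rather than dropped, so a search on `AccessListUnknown` shows which object types still need table entries.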