Windows Event Logs

Hi Guys,

I have a problem, I must to send the Event log a the LogCollecotr Linux, the problem is when Logcollector riceved the log, the formatting is much long, I want riceved an log so.

Example Log LInux:
" Jun 19 16:23:01 MSI su: pam_unix(su:session): session opened for user ema by (uid=0) "

I can receive the log in this format??

Thank you.

AskedJune 19, 2020 - 4:25pm

Receiving Incomplete Windows Events


I am using NXLog's <Input MSEvtIN> module to forward Windows Event Logs to a syslog server. The problem I am facing is with MTU Size. The default MTU across is 1500 (i.e. 1472 Bytes actual length) But there are many events in windows which are much larger than 1472. Those events having length greater than 1472 bytes are getting truncated at 1472 and received partially on the syslog server. This is creating a problem for my SIEM to parse the logs.

AskedMarch 27, 2020 - 1:15pm