Problems with IIS logs and snare format

Does it work to send IIS logs in Snare format?

When I use the "Exec to_syslog_snare();" option in the output, it sends logs as if they were MSWinEvents...


<13>Oct 21 06:26:36 SRV-00-20-21 MSWinEventLog    1    N/A    17    Fri Oct 21 06:26:36 2016    N/A    N/A    N/A    N/A    N/A    N/A    N/A        N/A    N/A

Asked October 21, 2016 - 8:46am

Pulling Check Point logs

I was reading the Enterprise Edition documentation on Check Point OPSEC LEA. Can this be done on a Windows server or do I need to use a Linux server?

Asked October 20, 2016 - 4:25pm

Reading in ModSecurity logs using nxlog

I'm attempting to use nxlog to pull in audit files from ModSecurity. The root of the log files resides at /var/log/modsec_audit/. The actual log files are two folders lower, as ModSecurity creates folders that are timestamped by day and then by minute.

Asked October 18, 2016 - 4:55pm
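One way to read the per-day/per-minute directory tree described in the question above, as an added example that is not part of the original post and not nxlog's or ModSecurity's own documentation. It assumes ModSecurity's concurrent audit logging (one file per transaction, the layout the poster describes), nxlog CE on Linux, a hypothetical collector at 10.0.0.5:514, and that the audit part boundaries look like `--<id>-A--` ... `--<id>-Z--`; the instance names and the regexes are assumptions.

```nxlog
# Added example, not the poster's config or an official nxlog snippet.
<Extension _syslog>
    Module      xm_syslog
</Extension>

# Join the multi-line audit record into one event: part A opens a
# transaction, part Z closes it (regexes are an assumption about the format).
<Extension modsec_multiline>
    Module      xm_multiline
    HeaderLine  /^--[A-Za-z0-9]+-A--$/
    EndLine     /^--[A-Za-z0-9]+-Z--$/
</Extension>

<Input modsec_audit>
    Module      im_file
    # Wildcards are matched on the filename; Recursive makes im_file descend
    # into the day and minute subdirectories that ModSecurity creates.
    File        "/var/log/modsec_audit/*"
    Recursive   TRUE
    # Each file is written once per transaction, so read new files from the
    # beginning instead of tailing from the end.
    ReadFromLast FALSE
    InputType   modsec_multiline
</Input>

<Output collector>
    Module      om_tcp
    Host        10.0.0.5
    Port        514
    Exec        to_syslog_ietf();
</Output>

<Route modsec>
    Path        modsec_audit => collector
</Route>
```

Check with `nxlog -f` (or watch the nxlog log file) that the input picks up a freshly written transaction directory; if ModSecurity is configured for serial logging instead, the tree does not exist and a plain `File "/var/log/modsec_audit.log"` without `Recursive` is what you want, with the same multiline extension.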

Filtering to specific logs


I'm somewhat new to Netwrix, and I need some help understanding how I can send ONLY specific logs up to our SIEM. I've dug through the documentation a bit, and will continue to do so. I'm sure someone on here can whip up a quick response...

Here is my config file; please help me mock up a config that will only send up events 4648 and 4624...

Asked October 17, 2016 - 6:56pm
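A config that forwards only Security events 4624 and 4648, as an added example that is not the poster's config (which is not shown on the page) and not an official nxlog snippet. It assumes nxlog CE on Windows Vista/Server 2008 or later (so `im_msvistalog` is available), a hypothetical SIEM collector at 10.0.0.5:514, and that the collector wants Snare format; the instance names are assumptions.

```nxlog
# Added example, not the poster's config.
<Extension _syslog>
    Module      xm_syslog
</Extension>

<Input eventlog>
    Module      im_msvistalog
    # Filter at the event-log subscription so unwanted events are never read.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4624 or EventID=4648)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Belt-and-braces: drop anything that is not 4624 or 4648 even if the
    # query above is later widened.
    Exec        if ($EventID != 4624 and $EventID != 4648) drop();
</Input>

<Output siem>
    Module      om_tcp
    Host        10.0.0.5
    Port        514
    Exec        to_syslog_snare();
</Output>

<Route security_logons>
    Path        eventlog => siem
</Route>
```

Test it by generating a logon (4624) and a runas-style explicit-credential logon (4648) on the host and confirming that nothing else, for example 4672 or 4634, reaches the SIEM; if other events do arrive, the `drop()` line is the first thing to check.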