
Windows Logs
Hello everyone, I have a Windows server that receives logs from other Windows hosts (log collector) and from this last one, events are sent to a FortiSIEM. The problem is that in SIEM the IP that appears is always the collector's IP and all host events are identified by that IP. Is it possible to keep the original IP of each host? My out config:

<Output out>
    Module  om_tcp
    Host    %OUTPUT_DESTINATION_ADDRESS%
    Port    %OUTPUT_DESTINATION_PORT%
    Exec    $EventTime = integer($EventTime) / 1000000;
    Exec    $Message = replace($Message, "\t", " "); $Message = replace($Message, "\n", " "); $Message = replace($Message, "\r", " ");
    Exec    $Message = to_json(); to_syslog_snare();
</Output>

Thanks

egas84 created
Replies: 1
Syslog of Windows Server 2012 R2 from Nxlog to FortiSIEM
Hi, I want to send syslog from Windows Server 2012 R2 (using NxLog) from my SIEM (FORTISIEM)

deyvis.valladares created
Replies: 5