Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Syslog'ing Windows logs in Snare format with IP address in header
Hello all,

I wanted to syslog the Windows logs to one of my SIEMs in Snare format. When I configure nxlog as given below, the hostname is there in the header, but I wanted to use any of the IP addresses of the server in the header.

Current log format:

    Dec 15 11:18:52 ad-server.ad.cap62.test MSWinEventLog 1 Directory Service 1742824 Tue Dec 15 11:18:52 2015 103 NTDS ISAM N/A N/A Information ad-server.ad.cap62.test Knowledge Consistency Checker NTDS (500) NTDSA: The database engine stopped the instance (0). 458

The format I need:

    Dec 15 11:18:52 10.10.10.1 MSWinEventLog 1 Directory Service 1742824 Tue Dec 15 11:18:52 2015 103 NTDS ISAM N/A N/A Information ad-server.ad.cap62.test Knowledge Consistency Checker NTDS (500) NTDSA: The database engine stopped the instance (0). 458

Config file:

    define ROOT C:\Program Files (x86)\nxlog

    Moduledir %ROOT%\modules
    CacheDir  %ROOT%\data
    Pidfile   %ROOT%\data\nxlog.pid
    SpoolDir  %ROOT%\data
    LogFile   %ROOT%\data\nxlog.log

    <Extension syslog>
        Module  xm_syslog
    </Extension>

    <Input internal>
        Module  im_internal
    </Input>

    <Input in>
        Module  im_msvistalog
    </Input>

    <Output out>
        Module  om_udp
        Host    <IP Address of host>
        Port    514
        Exec    to_syslog_snare();
    </Output>

    <Route 1>
        # the route must reference the input names defined above ("internal" and "in");
        # there is no module named "eventlog" in this config
        Path    internal, in => out
    </Route>

Please, can anyone help me with that?

valtervetri001 created
Replies: 1
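One way to get an IP address into the header, as an added example and not a reply from the original thread: to_syslog_snare() fills the syslog header host from the $Hostname field, so overwriting that field right before calling it changes the header. The address 10.10.10.1 is the one from the question and is set through a define; the SIEM collector address is a placeholder.

```apacheconf
define ROOT C:\Program Files (x86)\nxlog

# Constructed for this example: the server address that should appear in the
# syslog header. Replace it with one of the server's real addresses.
define HEADER_IP 10.10.10.1

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension syslog>
    Module  xm_syslog
</Extension>

<Input in>
    Module  im_msvistalog
</Input>

<Output out>
    Module  om_udp
    Host    192.0.2.10    # placeholder: address of the SIEM collector
    Port    514
    # to_syslog_snare() takes the header host from $Hostname, so setting the
    # field first produces "Dec 15 11:18:52 10.10.10.1 MSWinEventLog ..."
    # instead of the FQDN. Assumption: $Hostname is also what the Snare body's
    # host field is filled from, so that field will show the IP as well.
    Exec    $Hostname = "%HEADER_IP%"; to_syslog_snare();
</Output>

<Route r1>
    Path    in => out
</Route>
```

Because the whole line is rewritten by to_syslog_snare(), do the $Hostname assignment in the Output Exec (or in the Input Exec) before that call, not after it.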