Hi,

We have syslog-ng 3.05 as log server, and Datagram SyslogAgent on the Windows systems (originally ntsyslog).

From a Windows 2003 server with SyslogAgent configured, I have this event in Event Viewer:

 

Event Type:       Success Audit
Event Source:     Security
Event Category:   Logon/Logoff
Event ID:         538
Date:             10/12/2010
Time:             12:26:43 PM
User:             DOMAINXXX\A.Fiorenzi
Computer:         XXXXXX
Description:
User Logoff:
                User Name:       A.Fiorenzi
                Domain:          DOMAINXXX
                Logon ID:        (0x0,0xF78F137)
                Logon Type:      10

 

 

and on the syslog-ng server I get this:

 

 

Oct 12 12:26:43 XXXXXX security[success]: 538 DOMAINXXX\a.fiorenzi User Logoff        User Name:      A.Fiorenz       Domain:         DOMAINXX        Logon ID:           (0x0,0xF78F137  Logon Type:     1

 

 

where the description field has User Name, Domain, Logon ID and Logon Type cut off.

I have recorded the network traffic via tcpdump and I have seen the data arrive correctly.

So I have set the statement log_msg_size(8192); in the syslog-ng.conf options.

The problem is still open and I do not know how to solve it. Can anyone help me?

 

 

 

Alessandro Fiorenzi
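
One way to quantify the truncation reported above (an added example, not part of the original message or of syslog-ng): it compares the field values shown in Event Viewer with the line written by syslog-ng. The sample strings are copied from the message; the function names are hypothetical.

```python
import re

# Field values as shown in Event Viewer (copied from the message above).
EVENT_FIELDS = {
    "User Name": "A.Fiorenzi",
    "Domain": "DOMAINXXX",
    "Logon ID": "(0x0,0xF78F137)",
    "Logon Type": "10",
}

# Line as written by syslog-ng (copied from the message above).
RECEIVED = (
    "Oct 12 12:26:43 XXXXXX security[success]: 538 DOMAINXXX\\a.fiorenzi "
    "User Logoff        User Name:      A.Fiorenz       Domain:         "
    "DOMAINXX        Logon ID:           (0x0,0xF78F137  Logon Type:     1"
)


def parse_fields(line, names):
    """Return {name: value} for every 'Name:' label found in a received line."""
    # Find each label, then take the text up to the next label as its value.
    pattern = "|".join(re.escape(n) + ":" for n in names)
    hits = list(re.finditer(pattern, line))
    fields = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
        fields[m.group()[:-1]] = line[m.end():end].strip()
    return fields


def truncation_report(expected, line):
    """Per field: (received value, characters missing, received is a prefix)."""
    got = parse_fields(line, expected)
    report = {}
    for name, want in expected.items():
        have = got.get(name)
        if have is None:
            report[name] = (None, len(want), False)
        else:
            report[name] = (have, len(want) - len(have), want.startswith(have))
    return report


if __name__ == "__main__":
    print("received line length:", len(RECEIVED), "bytes")
    for name, (have, missing, is_prefix) in truncation_report(EVENT_FIELDS, RECEIVED).items():
        print(f"{name:<11} got={have!r:<18} missing={missing} prefix={is_prefix}")
```

On this sample each of the four fields is a prefix of the Event Viewer value and is exactly one character short, while the whole line is far below the 8192 bytes set with log_msg_size.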

