[syslog-ng] syslog-ng and ntsyslog

Fiorenzi Alessandro alessandro.fiorenzi at infogroup.it
Tue Oct 12 16:02:10 CEST 2010


Hi,
We have syslog-ng 3.05 as the log server, and the Datagram syslog agent on the Windows systems (originally ntsyslog).
From a Windows 2003 server with SyslogAgent configured, I have this event in Event Viewer:

Event Type:       Success Audit
Event Source:   Security
Event Category:               Logon/Logoff
Event ID:             538
Date:                    10/12/2010
Time:                    12:26:43 PM
User:                    DOMAINXXX\A.Fiorenzi
Computer:         XXXXXX
Description:
User Logoff:
                User Name:       A.Fiorenzi
                Domain:                              DOMAINXXX
                Logon ID:                            (0x0,0xF78F137)
                Logon Type:       10


and on the syslog-ng server I get this:


Oct 12 12:26:43 XXXXXX security[success]: 538 DOMAINXXX\a.fiorenzi User Logoff        User Name:      A.Fiorenz       Domain:         DOMAINXX        Logon ID:           (0x0,0xF78F137  Logon Type:     1


where the description field has User Name, Domain, Logon ID and Logon Type cut off.

I have recorded the network traffic via tcpdump and I have seen the data arrive correctly.
So I have set the statement log_msg_size(8192); in the syslog-ng.conf options.
The problem is still open and I do not know how to solve it. Can anyone help me?



Alessandro Fiorenzi
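
A field-by-field comparison of the two records quoted in the message above, as an added example that is not part of the original post: it parses the Event Viewer description and the line written by syslog-ng and reports what each field lost. The function names and the regex-based parsing are assumptions; both records are copied from the message with whitespace normalized.

```python
import re

FIELDS = ["User Name", "Domain", "Logon ID", "Logon Type"]

# Description as shown in Event Viewer (from the message, whitespace normalized).
EVENT_VIEWER = """User Logoff:
    User Name: A.Fiorenzi
    Domain: DOMAINXXX
    Logon ID: (0x0,0xF78F137)
    Logon Type: 10
"""

# Line written by syslog-ng (from the message, whitespace normalized).
SYSLOG_LINE = (
    r"Oct 12 12:26:43 XXXXXX security[success]: 538 DOMAINXXX\a.fiorenzi "
    "User Logoff  User Name:  A.Fiorenz  Domain:  DOMAINXX  "
    "Logon ID:  (0x0,0xF78F137  Logon Type:  1"
)


def parse_fields(text):
    """Return {field name: value} for the "Name: value" pairs found in text."""
    found = {}
    for name in FIELDS:
        m = re.search(re.escape(name) + r":\s*(\S+)", text)
        if m:
            found[name] = m.group(1)
    return found


def compare_fields(sent_text, received_text):
    """Map each field to (sent, received, lost); lost is the missing suffix,
    "" when intact, or None when the received value is not a prefix."""
    sent, received = parse_fields(sent_text), parse_fields(received_text)
    report = {}
    for name in FIELDS:
        s, r = sent.get(name, ""), received.get(name, "")
        lost = s[len(r):] if s.startswith(r) else None
        report[name] = (s, r, lost)
    return report


if __name__ == "__main__":
    for name, (s, r, lost) in compare_fields(EVENT_VIEWER, SYSLOG_LINE).items():
        status = "intact" if lost == "" else (f"lost {lost!r}" if lost else "altered")
        print(f"{name:<11} sent={s!r:<18} received={r!r:<17} {status}")
```

On these two records, each of the four fields is missing exactly its final character.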
