[syslog-ng] patterndb & windows

Peter Czanik czanik at balabit.hu
Fri Sep 2 10:17:21 CEST 2011


Hello,

On 09/01/2011 06:30 PM, Martin Holste wrote:
> My issue is that I use eventlog-to-syslog, so the patterns don't work for me.

Do you know what the differences are? I mean, is it random, or can the
current patterns be transformed to be useful with eventlog-to-syslog
by adding/removing fields, changing line breaks, etc.?
Bye,
CzP

> On Thu, Sep 1, 2011 at 8:27 AM, Christophe Brocas
> <christophe.brocas at cnamts.fr> wrote:
>> On 01/09/2011 10:29, Peter Czanik wrote:
>>> Hello,
>>>
>>> A few weeks ago we posted a collection of patterns for Windows 2k8 (but
>>> most of it should work also with other releases). While there were many
>>> people downloading it, I received no feedback at all. So I'd like to
>>> ask, what are your experiences with it? Where could it be improved?
>>>
>>> Please leave your comments here or answer me in private (some UNIX
>>> admins tend to keep it secret, that they also deal with Windows machines
>>> :-) ), so we could make our Windows patterns more useful for you!
>>>
>>> For those, who missed the original announcement, you can read it at
>>> https://czanik.blogs.balabit.com/2011/07/patterns-for-windows-server-2008/
>>>
>>> Bye,
>>>
>> Hello Peter
>>
>> Currently, I try to use your pattern as a model for a current project we have at
>> work:
>>
>> 1. detect file system event log messages (access, write, delete, creation ...),
>> 2. extract information from them (user name, domain name, file pathname ...)
>> 3. use extracted information to write new log messages following a predefined
>> template
>>
>> I am currently at stage 1): I have to choose the correct log messages. Caution:
>> messages are in French.
>>
>> And I am not sure that I will be able to generate the new log messages with the
>> extracted information.
>>
>> So, yes, your Windows logs pattern file is a really useful file for us!
>>
>> BR
>> Christophe
>>
>>
>>
>> *****************************************************
>> "The content of this e-mail and any attachments is confidential. It is intended exclusively for the addressee. If this message is not intended for you, or if you have received it by mistake, then in order not to breach the confidentiality of correspondence you must not forward it to other people or reproduce it. Please return it to the sender and destroy it.
>>
>> Note: the sender's organisation cannot be held responsible for any alteration of this e-mail. It is the recipient's responsibility to check that the messages and attachments received do not contain viruses. The opinions expressed in this e-mail and any attachments are those of the sender. They do not reflect the position of the organisation unless otherwise stated in this e-mail."
>> ******************************************************
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>


-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
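Christophe's three-step plan (detect the file-system audit events, extract user, domain and path, then emit a new message from a template) maps directly onto one patterndb rule. The ruleset below is an added example written for this thread; it is not part of the Windows pattern collection announced above or of any BalaBit code. Everything in it is an assumption: the program name `Security`, the rule and ruleset ids (placeholders; generate real ones with `uuidgen`), and above all the sample message text, which is constructed for illustration and is not the text Windows or eventlog-to-syslog actually produces. Since the real messages are in French and eventlog-to-syslog rewrites the event layout (Peter's question about field and line-break differences), the `<pattern>` must be built from a message captured from your own forwarder, not from this sample.

```xml
<?xml version='1.0' encoding='UTF-8'?>
<!-- Added example ruleset, not from the original thread or the published pattern set. -->
<patterndb version='4' pub_date='2011-09-02'>
  <!-- ruleset <patterns> are matched against $PROGRAM; "Security" is an assumption,
       replace it with whatever program name your Windows forwarder sets -->
  <ruleset name='windows-file-access' id='00000000-0000-0000-0000-0000000000a1'>
    <patterns>
      <pattern>Security</pattern>
    </patterns>
    <rules>
      <!-- class ends up in ${.classifier.class}; the id is a placeholder -->
      <rule provider='example' id='00000000-0000-0000-0000-0000000000b1' class='file-access'>
        <patterns>
          <!-- Step 1 (detect) and step 2 (extract) in one line. @ESTRING:name:delim@
               consumes text up to the delimiter, so the path must not contain spaces
               for this particular pattern; choose another delimiter if it can. -->
          <pattern>Object access: User=@ESTRING:user: @Domain=@ESTRING:domain: @Object=@ESTRING:path: @Access=@ANYSTRING:access@</pattern>
        </patterns>
        <tags>
          <!-- lets a filter(tags("windows.file-access")) select only these events -->
          <tag>windows.file-access</tag>
        </tags>
        <values>
          <!-- Step 3 (rewrite): a name-value pair rendered from the extracted fields,
               usable later as ${audit.summary} in any template or rewrite rule -->
          <value name='audit.summary'>${domain}\${user} ${access} ${path}</value>
        </values>
        <examples>
          <!-- constructed sample message; `pdbtool test` checks that the pattern
               matches it and that the named parsers yield these values -->
          <example>
            <test_message program='Security'>Object access: User=jdoe Domain=CORP Object=C:\shares\finance\budget.xlsx Access=WriteData</test_message>
            <test_values>
              <test_value name='user'>jdoe</test_value>
              <test_value name='domain'>CORP</test_value>
              <test_value name='path'>C:\shares\finance\budget.xlsx</test_value>
              <test_value name='access'>WriteData</test_value>
            </test_values>
          </example>
        </examples>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

Validate the file offline with `pdbtool test windows-file-access.xml` (it runs the embedded example) or against an arbitrary line with `pdbtool match -p windows-file-access.xml -P Security -M '<message>'`, which prints every extracted name-value pair. To wire it into syslog-ng, load the file with `parser p_win { db-parser(file("/etc/syslog-ng/patterndb.d/windows-file-access.xml")); };`, select matches with `filter f_fa { tags("windows.file-access"); };`, and write the new message through a destination whose `template()` uses `${audit.summary}` together with the usual `${ISODATE}` and `${HOST}` macros; any event that the pattern does not match keeps its original text and no tag, so a mismatch caused by a French or reformatted event shows up as missing lines in the destination rather than as corrupted ones.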



