HibikeQuantum / eventlog-to-syslog

Automatically exported from code.google.com/p/eventlog-to-syslog

Success/Failure status #29

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
Some events like Security 560
(http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=560)
have success/failure status. It is not reported by evtsys.

What is the expected output? What do you see instead?
A new field indicating the status.

What version of the product are you using? On what operating system?
4.4 on Windows 2003, 2008

Please provide any additional information below.
Mainly occurs on Audit Events, where you can check if an event has succeeded or 
not.

Original issue reported on code.google.com by wired...@gmail.com on 8 Mar 2011 at 4:01

GoogleCodeExporter commented 8 years ago
The previous version made the change to where AUDIT_FAILURES appear as error 
instead of information. Are you saying you would like to see the AUDIT status 
in the actual message?

Original comment by sherwin....@gmail.com on 9 Mar 2011 at 4:18

GoogleCodeExporter commented 8 years ago
Yes, I would like that change. I've been looking at the sources but I couldn't
understand what winevent.c does.
I think it is easy to filter in syslog every message from eventlog to a single
file and parse the file later for alerts and reports, which is mainly the use
I'm making of it.

Original comment by wired...@gmail.com on 15 Mar 2011 at 3:28

GoogleCodeExporter commented 8 years ago
I will add this to the binaries I build this weekend.

Original comment by sherwin....@gmail.com on 1 Apr 2011 at 4:33

GoogleCodeExporter commented 8 years ago
Fixed, awaiting build and test.

Original comment by sherwin....@gmail.com on 16 Oct 2012 at 4:39