MHMDhub / enterprise-log-search-and-archive

Automatically exported from code.google.com/p/enterprise-log-search-and-archive

Log Source not properly parsed #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I am looking through the logs and noticed that the log source is not properly 
parsed for Windows 2008 logs.

I see stuff like this:

source=An account was successfully logged on. Subject
source=An account was logged off. Subject
source=Special privileges assigned to new logon. Subject

I am using evtsys (http://code.google.com/p/eventlog-to-syslog/) to send the 
logs from Windows 2008 to my syslog server.  

Is this a problem with the evtsys logs being sent or a problem in the parser?

Original issue reported on code.google.com by edavi...@gmail.com on 23 Feb 2012 at 4:52

GoogleCodeExporter commented 9 years ago
This is a problem with the parser not being specific to the myriad of types of 
Windows messages.  The "source" field works on some but not others.  At some 
point, I'd like to define much more specific parsers for a lot of Windows logs, 
especially to pull out usernames and "network source" addresses (IPs).

Patterns are welcome!  To quickly get started, check out the patternize utility 
(http://gyp.blogs.balabit.com/tag/patternize/), which will take a file full of 
logs (which you can get by doing an export from ELSA) and will find all of the 
similar and non-similar patterns to ease patterndb writing.

Original comment by mchol...@gmail.com on 23 Feb 2012 at 5:37
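An added example (not code from the issue, from ELSA, or from evtsys) of what the maintainer's reply describes: a generic rule that takes the text before the first colon as "source" reproduces exactly the values the reporter sees, and a table of per-message parsers keyed on the fixed leading sentence pulls out the username, domain, logon type and source network address instead. The sample lines are constructed here to approximate the flattened one-line form a syslog forwarder emits for Windows 2008 Security events, the output field names are my own choice rather than ELSA's, and the table covers only the three message types quoted in the issue.

```python
import re

# Constructed sample lines approximating the flattened one-line form a syslog
# forwarder such as evtsys emits for Windows 2008 Security events; they are
# illustrative, not captured from the reporter's system.
SAMPLE_LINES = [
    ("An account was successfully logged on. Subject: Security ID: S-1-0-0 "
     "Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 "
     "New Logon: Security ID: S-1-5-21-1-2-3-1105 Account Name: jdoe "
     "Account Domain: CORP Logon ID: 0x1a2b3c Network Information: "
     "Workstation Name: WS01 Source Network Address: 10.1.2.3 Source Port: 49123"),
    ("An account was logged off. Subject: Security ID: S-1-5-21-1-2-3-1105 "
     "Account Name: jdoe Account Domain: CORP Logon ID: 0x1a2b3c Logon Type: 3"),
    ("Special privileges assigned to new logon. Subject: Security ID: "
     "S-1-5-21-1-2-3-500 Account Name: Administrator Account Domain: CORP "
     "Logon ID: 0x4d5e6f Privileges: SeDebugPrivilege SeBackupPrivilege"),
]


def generic_source(msg):
    """Reproduce the over-generic rule the issue describes: take everything
    before the first colon as the 'source'.  On free-text Windows messages
    that yields 'An account was successfully logged on. Subject'."""
    return msg.split(":", 1)[0].strip()


# One table entry per message type.  The key is the fixed leading sentence that
# identifies the event; each value maps an output field (names chosen here,
# not ELSA's) to a regex whose first group captures the value.  Regexes are
# anchored on section labels ('New Logon:', 'Subject:') so the second
# 'Account Name:' in a logon event is not confused with the first.
PATTERNS = {
    "An account was successfully logged on.": {
        "event": "logon",
        "user": r"New Logon:.*?Account Name:\s*(\S+)",
        "domain": r"New Logon:.*?Account Domain:\s*(\S+)",
        "logon_type": r"Logon Type:\s*(\d+)",
        "srcip": r"Source Network Address:\s*(\S+)",
    },
    "An account was logged off.": {
        "event": "logoff",
        "user": r"Subject:.*?Account Name:\s*(\S+)",
        "domain": r"Subject:.*?Account Domain:\s*(\S+)",
        "logon_type": r"Logon Type:\s*(\d+)",
    },
    "Special privileges assigned to new logon.": {
        "event": "special_privs",
        "user": r"Subject:.*?Account Name:\s*(\S+)",
        "domain": r"Subject:.*?Account Domain:\s*(\S+)",
        "privileges": r"Privileges:\s*(.+)$",
    },
}


def parse_event(msg):
    """Pick the per-message parser by its leading sentence and extract fields.
    Unknown message types fall back to the generic rule so nothing is dropped;
    they are tagged 'unknown' so the parsing gap is visible in search results."""
    for prefix, spec in PATTERNS.items():
        if not msg.startswith(prefix):
            continue
        out = {"event": spec["event"]}
        for field, regex in spec.items():
            if field == "event":
                continue
            m = re.search(regex, msg)
            out[field] = m.group(1) if m else None
        if out.get("privileges"):
            out["privileges"] = out["privileges"].split()
        # Windows writes '-' for an absent value; normalise it to None.
        for key, value in out.items():
            if value == "-":
                out[key] = None
        return out
    return {"event": "unknown", "source": generic_source(msg)}


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print("generic source:", generic_source(line))
        print("specific parse:", parse_event(line))
```

Each new message type is one more table entry rather than a change to the parsing loop, which is the same shape a patterndb rule set takes: a fixed literal identifies the message, and named captures pull the variable parts out.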

GoogleCodeExporter commented 9 years ago
Closing until I or others write patterns for these.

Original comment by mchol...@gmail.com on 31 May 2012 at 2:45