Open GoogleCodeExporter opened 9 years ago
GoogleCodeExporter
commented
9 years ago I don't have snare set up anywhere to test this, can you send me a few raw
syslogs
so I can try to fix it?
Original comment by cdu...@gmail.com on 26 Oct 2009 at 2:41
GoogleCodeExporter
commented
9 years ago In case you never got one, here you go
<13>Oct 27 14:58:07 hostname MSWinEventLog 1 Security 3314 Tue
Oct 27 14:58:07 2009 861 Security SYSTEM User Failure Audit
PRODMIRR01 Detailed Tracking Message
<13>Oct 27 14:58:18 hostname MSWinEventLog 0 Security 3315 Tue
Oct 27 14:58:14 2009 593 Security Administrator User Success Audit
hostname Detailed Tracking Message
<13>Oct 27 14:58:18 hostname MSWinEventLog 0 Security 3316 Tue
Oct 27 14:58:16 2009 593 Security Administrator User Success Audit
PRODMIRR01 Detailed Tracking Message
<13>Oct 27 14:58:23 hostname MSWinEventLog 0 Security 3317 Tue
Oct 27 14:58:19 2009 592 Security Administrator User Success Audit
PRODMIRR01 Detailed Tracking Message
hostname MSWinEventLog 1 Security 3318 Tue Oct 27 14:59:24
2009 861 Security SYSTEM User Failure Audit PRODMIRR01
Detailed Tracking Message
hostname MSWinEventLog 0 Security 3319 Tue Oct 27 14:59:30
2009 593 Security Administrator User Success Audit PRODMIRR01
Detailed Tracking Message
<13>Oct 27 15:15:18 hostname MSWinEventLog 0 Security 3320 Tue
Oct 27 15:15:18 2009 592 Security Administrator User Success Audit
PRODMIRR01 Detailed Tracking Message
<13>Oct 27 15:15:24 hostname MSWinEventLog 0 Security 3321 Tue
Oct 27 15:15:20 2009 593 Security Administrator User Success Audit
PRODMIRR01 Detailed Tracking Message
I believe lines 5 and 6 are with the syslog header disabled.
Honestly I just switched from using Snare to Datagram SyslogAgent, and it's a
lot
nicer.Original comment by Snore...@gmail.com on 13 Nov 2009 at 5:34
GoogleCodeExporter
commented
9 years ago I need these in tabbed format, the way syslog-ng would dump them into a file
(otherwise, I don't know where the tab delimiters are) :-)
Can you attach a file from a syslog-ng dump?
To set up a file dump, add this to your syslog-ng.conf file:
# Create destination to LogZilla dump file
destination f_logzilla {
file("/var/log/logzilla.log"
template("$HOST\t$FACILITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$P
ROGRAM\t$MSG\n")
);
};
# Tell syslog-ng to log to our new destination
log {
source(s_all);
destination(f_logzilla);
};
Then restart syslog-ng and send me about a file, only about 10 lines are needed.
Thanks!Original comment by cdu...@gmail.com on 13 Nov 2009 at 10:50
GoogleCodeExporter
commented
9 years ago Issue 150 has been merged into this issue.Original comment by cdu...@gmail.com on 13 Nov 2009 at 11:01
GoogleCodeExporter
commented
9 years ago I am having this same problem. Is there any update on the problem? I can supply
a
sample file if required. Thanks!Original comment by andrew.p...@gmail.com on 19 Dec 2009 at 3:41
GoogleCodeExporter
commented
9 years ago I think I may have fixed this in the new version (3.0), is there any way you
can test
using that and let me know?
Also, I've moved all the issue tracking to a forum (http://logzilla.info)
because
it's too hard for me to keep up with the google code issue tracker.
If you're still having problems, please post a new, detailed, message in that
forum.
Thanks!Original comment by cdu...@gmail.com on 22 Feb 2010 at 8:50
GoogleCodeExporter
commented
9 years ago Is that the only solution to this? Upgrade to 3.0? I can't becaue of Mysql
5.1
requirement..
Any help would be greatly appreciated..
-DerrickOriginal comment by dfarme...@gmail.com on 8 Mar 2010 at 8:29
Original issue reported on code.google.com by
tbw1...@gmail.comon 21 Oct 2009 at 7:33