Feeds2Read: RSS FEED .: Logging, Syslog and Log Anaylsys Forums :. Live information from Logging, Syslog and Log Anaylsys Forums, RSS Feeds Aggregator and RSS Directory

Logging, Syslog and Log Anaylsys Forums

Live information from Logging, Syslog and Log Anaylsys Forums

Fri, 12 Mar 2010 04:11:08 +0100

Yes the Windows event viewer shows the auditing occurring just fine. Snare shows nothing. I have even tried just capturing events 650, 654 but still no luck.

Tue, 09 Mar 2010 13:14:43 +0100

.::Re: $YEAR, $MONTH & $DAY in file source::.

Hi, what you are looking for is using wildcards in the filename (http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s03.html#configuring_sources_file), but this feature is currently available only in the commercial syslog-ng Premium ...

Sun, 07 Mar 2010 19:41:34 +0100

.::Re: SANRE for Windows::.

Just to clarify - you have set the windows audit policy to monitor file & folder activity, and you see the results in eventlog, but those logs are not being passed to snare?

I suspect Snare may not be set to capture those. I wonder if ntsyslog would?

Sun, 07 Mar 2010 19:16:09 +0100

.::SANRE for Windows::.

We are trying to use SNARE for Windows to send events to a Syslog server. The problem seems to be that SNARE is not grabbing file/folder activity. We have it set to capture these and these events do show in the Windows Event log but SNARE is not showi...

Sun, 28 Feb 2010 22:14:26 +0100

.::Re: Simple syslog-ng file configuration confusion::.

Thanks a lot for your help. Let me test few things and I will come back with my question later.