I am forwarding Windows Server 2003 events to NetXMS. On one of the servers Snort is running and it logs events into the application log that look as follows:
Event Type: Warning
Event Source: snort
Event Category: None
Event ID: 1
Date: 2/6/2013
Time: 1:16:06 PM
User: N/A
Computer: MDCFW
Description:
The description for Event ID ( 1 ) in Source ( snort ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: [1:1448:13] MISC MS Terminal server request [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} XXX.xxx.xxx.xxx:4199 -> xxx.xxx.xxx.xxx:3389.
These events are not forwarded but instead I get a message that LogWatch cannot format the event message.
Is there a work-around for this or perhaps a method to grab snort events directly?
Thanks
Peter