Server 2008 Only sending generic event types

Unanswered Question
Nov 4th, 2009

Is there a way around this? MARS is on version 6.0.5(3358). We have Snare installed on the servers and are using receive as our logging mechanism.


I have tried setting the server up as every different version of Windows as 2008 is not yet supported in MARS. We are getting all of the Raw Data in the syslog event, but the event type field will only show generic event types. There is a lot of custom reporting we do using the event type field so this is a very big issue for us.


Has anyone found a workaround for this? I opened a TAC case and the only response I got was a link to their document that showed the supported versions of Windows. When I asked the engineer to go into further detail about workarounds I have not received any reply.

cory.michal Mon, 11/09/2009 - 09:56

I was told by Cisco that they will have parser support for Windows 2008 in 2H 2010. I'm not sure if that holds true now that they have said they won't write parsers for anything besides Cisco gear.
