Logging, Syslog and Log Analysis Forums
Topic: SNARE for Windows
longbowman
« on: March 07, 2010, 01:16:09 pm »

We are trying to use SNARE for Windows to send events to a Syslog server. The problem seems to be that SNARE is not grabbing file/folder activity. We have it set to capture these and these events do show in the Windows Event log but SNARE is not showing any activity. I am using SNARE 3.1.3 and have tried 3.1.7 but still no luck.
Anyone have any success with this? Perhaps there is a different Event capture utility to try?
Admin
« Reply #1 on: March 07, 2010, 01:41:34 pm »

Just to clarify - you have set the Windows audit policy to monitor file & folder activity, and you see the results in the event log, but those logs are not being passed to Snare?

I suspect Snare may not be set to capture those. I wonder if ntsyslog would?
longbowman
« Reply #2 on: March 11, 2010, 10:11:08 pm »

Yes, the Windows event viewer shows the auditing occurring just fine. Snare shows nothing. I have even tried just capturing events 650, 654 but still no luck.