Being pretty new to Sentinel deployments, I was wondering if there are
any experiences in receiving and especially parsing logs of an IIS
6.x/7.x that are being sent to Collector Manager via a Balabit syslog-ng
Agent for Windows.
I currently can have those logs read from the IIS logfiles, and they
are also transferred to CM. Still they are not automatically parsed by
LM. They appear as
"Syslog Event (O : Generic Event Collector )"

I so far found that the standard way to transfer IIS logs is syslog,
but it seems like Sentinel Agent uses a different formatting for them
than Balabit Syslog-ng Agent for Windows does [which is $FILE_NAME:
$MESSAGE by default, already tried $MESSAGE only, but without success].
I currently need to use the Balabit agent, as it is being widely rolled
out and kind of the standard remote logging tool.

Any hints, how to configure the Balabit Agent, or from where to get the
message structure being used by Sentinel Agent IIS plugin?

Thanks in advance,


Oliver Funk

