Dave Glover

Windows Snare Logging Via VLC

Discussion created by Dave Glover Employee on Jan 31, 2017
Latest reply on Feb 7, 2018 by KEVIN DIENST

Folks

 

We have identified and issue when collecting Windows Snare logs Via a VLC.  The problem presents itself when you use the default tab delimiter vs the comma delimiter and using a VLC to collect the logs.

 

There is code in the VLC that converts all tabs to spaces on inbound syslog messages.  Once the tab is replaced, the logs no longer parse as the parser is specifically looking for tabs NOT spaces.

 

The issue does not present itself if you send the logs directly to the log decoder, it is only present when using a VLC.

 

To correct the issue you must remove the highlighted on the VLC in question prior to enabling sending Snare logs

 

 

Hope this helps

 

Dave

 

 

Outcomes