All,
New user question. I am using nxlog to send windows event logs to netwitness. I see that the data is being sent.
I am not sure about the difference between the local collector and the decoder. I am sending data on port 514. The Decoder sees the input. The device type is always unknown. I have no parser configured. I do not see a parser for windows event logs. I am on Netwitness 10.6. I tried many different ways to send the data via nxlog, with no success. What is needed to have my log files identified? Is there a parser the decoder should use on windows event logs?
Jim
Is the winevent_snare parser enabled in the log decoder config page? In admin>service>logdecoder>config
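For reference, here is an added NXLog configuration that emits Windows Event Log records in the Snare syslog format that a winevent_snare parser expects. It is an example written for this thread, not Jim's posted config and not from the NetWitness or NXLog documentation; the install path, the decoder address (10.0.0.5) and UDP as the transport on port 514 are assumptions to adjust to your own environment.

```conf
# Example NXLog CE config for forwarding Windows Event Log to a
# NetWitness Log Decoder in Snare format (assumed install path below).
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# xm_syslog provides to_syslog_snare(), which rewrites the event into the
# tab-delimited Snare layout inside a syslog header.
<Extension syslog>
    Module xm_syslog
</Extension>

# Read the Windows Event Log (Vista and later).
<Input eventlog>
    Module im_msvistalog
</Input>

# Send to the Log Decoder; host and UDP transport are assumptions.
<Output netwitness>
    Module om_udp
    Host   10.0.0.5
    Port   514
    Exec   to_syslog_snare();
</Output>

<Route eventlog_to_netwitness>
    Path eventlog => netwitness
</Route>
```

The key line is `Exec to_syslog_snare();` in the output: without it the events leave NXLog as plain text, so the decoder has nothing it can match and files them as an unknown device type. After restarting the nxlog service and confirming the winevent_snare parser is enabled on the Log Decoder, check the decoder's device type for the incoming events; if it still reads unknown, capture a few packets on port 514 and confirm the payload actually carries the Snare header fields before looking further at the parser.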