Windows Event Logs format with Kiwi Server & Snare

Question

Hi everyone :)

I'm currently testing Kiwi Syslog Server with Snare forwarding Windows events.

Here is what I obtain on Syslog Server :

As you can see, the Windows message isn't very clear and I hope to have something like this :

Can someone please help me with that ?

Thanks :)

bshopp · Accepted Answer

Let me see if I can restate what you're asking for when you say "clean" Kiwi Syslog Viewer. You're asking for the Windows event to be normalized and show up in columns that relate to the Windows Event Log columns versus in just the message field. If that’s the case, this isn’t something we do automatically today, but we’ve got this on the list of enhancement candidates. In the interim, you’d need to use a custom script action to parse the Windows Event Log data into the appropriate columns.