I'm currently setting up a remote logging solution running two Windows Machines and I'm running Snare in one of them to send syslog messages to another one.
I want the syslog messages to be stored by Kiwi at the NT Event log system but with no success.
The messages are arriving but it seems like the format doesn't match the NT standards - the messages are logged at the other Windows box but you can't really do anything with them since all data (Event ID, source, Type, etc..) is in the field "DEscription", as follows:
I manage to change the character 009 for TAB (option "Replace non printable characters with <ASCII value>>" at Modifiers menu) and now I got tabs instead of <009> but that didn't help.
I expect Kiwi syslog to put the event in the NT Event Log pretty and clear, not this mess :(
Is there anything I'm missing?
By the way, what that message prior the event means? Any clue? /AUXSOURCE= flag ?
I hope anyone out there already performed this - I'm sure I'm not the only one. *hopes*
I'm going to move this thread to the kiwi forum because more of the community will see it there.