Is there a way around this? MARS is on version 6.0.5(3358). We have Snare installed on the servers and are using receive as our logging mechanism.
I have tried setting the server up as every different version of Windows, as 2008 is not yet supported in MARS. We are getting all of the Raw Data in the syslog event, but the event type field will only show generic event types. There is a lot of custom reporting we do using the event type field, so this is a very big issue for us.
Has anyone found a workaround for this? I opened a TAC case and the only response I got was a link to their document that showed the supported versions of Windows. When I asked the engineer to go into further detail about workarounds, I have not received any reply.