Server 2008 Only sending generic event types

jordanperks
Level 1

Is there a way around this? MARS is on version 6.0.5(3358). We have Snare installed on the servers and are using receive as our logging mechanism.

I have tried setting the server up as every different version of Windows as 2008 is not yet supported in MARS. We are getting all of the Raw Data in the syslog event, but the event type field will only show generic event types. There is a lot of custom reporting we do using the event type field so this is a very big issue for us.

Has anyone found a workaround for this? I opened a TAC case and the only response I got was a link to their document that showed the supported versions of Windows. When I asked the engineer to go into further detail about workarounds, I have not received any reply.

1 Reply

cory.michal
Level 1

I was told by Cisco that they will have parser support for Windows 2008 in 2H 2010. I'm not sure if that holds true now that they have said they won't write parsers for anything besides Cisco gear.
