Comments for SWAT's blog

Comment on PHPlogcon message parser for SNARE by cnu

cnu — Thu, 25 Feb 2010 10:41:18 +0000

Hello, I made some mistakes. But now it works. Thank You.

Other Question, is it possible to edit the Severity and so on, to get it coloured ? “Success Audit” and “Information” in green and “Warning” in red ? br cnu

Comment on PHPlogcon message parser for SNARE by SWAT

SWAT — Fri, 12 Feb 2010 22:23:16 +0000

just use a correct facility and priority to send it the logs to a separate logfile, you do not need to add prefixes.

Example of one of my own loglines in the logfile:
Feb 12 22:17:53 ARRAKIS MSWinEventLog#0111#011System#011314#011vr feb 12 22:17:45 2010#01185#011SAVOnAccess#011N/A#011N/A#011Error#011ARRAKIS#011None#011#011 File [...\directx.dll.mui]’s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process svchost.exe, (start check timestamp [ 1caac2ad1basehc]). #011113

Comment on PHPlogcon message parser for SNARE by cnu

cnu — Thu, 11 Feb 2010 12:19:45 +0000

Hello, I tried your wrapper. But no success :-(. I installed SNARE, and configured our central rsyslog server.

rsyslog server is configured for windows messages with the line:
:fromhost, startswith, “vu” /var/log/win_eventlog.log

I get the message like this: 2010-02-11T13:00:49+01:00 vuxxxx8 MSWinEventLog 1 Security 489 Thu Feb 11 13:00:26 2010 538 Security ANONYMOUS LOGON Well Known Group Success Audit vuxxxx8 Logon/Logoff User Logoff: #011User Name:#011ANONYMOUS LOGON #011Domain:#011#011NT AUTHORITY #011Logon ID:#011#011(0×0,0×3025986) #011Logon Type:#0113 472
2010-02-11T13:00:49+01:00 vu39198 MSWinEventLog 1 Security 490 Thu Feb 11 13:00:27 2010 540 Security ANONYMOUS LOGON Well Known Group Success Audit vuxxxx8 Logon/Logoff Successful Network Logon: #011User Name:#011 #011Domain:#011#011 #011Logon ID:#011#011(0×0,0×34D6D1C) #011Logon Type:#0113 #011Logon Process:#011NtLmSsp #011Authentication Package:#011NTLM #011Workstation Name:#011 #011Logon GUID:#011- 473

But the complete message is only available in the “Message” column. Nothing in Severity, Eventlog Type and so on. Can you help me ?

Maybe change the delimiter from SNARE ? br cnu

Comment on Ubuntu won a HME award by Carola Danksagung

Carola Danksagung — Tue, 09 Feb 2010 12:53:21 +0000

Congratulations! you and your hole team really deserve that price. You’re doing a great job. Keep it up!

Comment on Ubuntu-NL mirrors - Geheimen ontrafeld! by bremMaire-tool

bremMaire-tool — Fri, 11 Dec 2009 02:50:17 +0000

Bedankt voor de interessante informatie

Comment on Open Source en karten by Wesley

Wesley — Wed, 05 Aug 2009 22:15:53 +0000

Hehe, klinkt leuk waarom heeft trouwens iedereen tegenwoordig dit Wordpress thema..

Comment on Knuffelactie by Herman Bos

Herman Bos — Sun, 29 Mar 2009 17:38:04 +0000

leuk, maar wel behoorlijk zinloos natuurlijk. Maarja hebben ze in elk geval wat te knuffelen als ze geen eten hebben! :o)

Comment on Das keyboard and a binary clock by Herman Bos

Herman Bos — Sun, 29 Mar 2009 17:26:20 +0000

I got a das keyboard as well. Already for a while at the office, but decided to get one at home as well. I didn’t buy the ones with the blank keys, since i don’t see the advantage.

Very happy with the keyboard, types fast.

I do also expect its not a good keyboard for playing games, but who plays games anyway when they have open source software to play with.