
AlienVault - Custom Logs

KapilDave
Hello all,

Please, anyone, guide me on how to send custom logs from a Windows machine (not the machine's EventLog) to AlienVault and display them in graphs.

    <Event>
      <System>
        <CustomField1>YOUR_COMPUTER</CustomField1>
        <CustomField2>YOUR_COMPUTER</CustomField2>
        <Provider Name="Application" />
        <EventID Qualifiers="0">1001</EventID>
        <Level>4</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-07-12T21:26:07.000000000Z" />
        <EventRecordID>86554</EventRecordID>
        <Channel>Application</Channel>
        <Computer>YOUR_COMPUTER</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Entry1</Data>
        <Data>Entry2</Data>
      </EventData>
    </Event>



Thanks in advance 


Answers


  • In general:

    1.  Transform your XML into a single line (XSLT, remove CR/LFs, etc.)
    2.  Send via syslog to AV (via klog for example)
    3.  Add an entry for rsyslog to put the log into its own log file, e.g. /var/log/custom.log
    4.  Write a new plugin that reads that log and parses the event data

    Rus
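The four steps above, carried through end to end as an added example (this is not Rus's code and not an AlienVault component). It takes the event record from the question, flattens it into one line of key="value" pairs with the CR/LFs removed (step 1), wraps that line in a syslog header and can send it over UDP (step 2), carries a hypothetical rsyslog rule that files messages tagged "winevent" into /var/log/custom.log (step 3), and applies the kind of regex a plugin would need to recover the fields from each line (step 4). The key="value" layout, the "winevent" program tag and the PRI value 14 (user.info) are this example's own choices, not an AlienVault convention; the sample XML is constructed from the post.

```python
"""Flatten a Windows Event XML record into one syslog line and parse it back."""
import re
import socket
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample input: the event record from the question, including its
# non-standard CustomField elements and the line breaks that must be removed.
SAMPLE_EVENT_XML = """<Event>
  <System>
    <CustomField1>YOUR_COMPUTER</CustomField1>
    <CustomField2>YOUR_COMPUTER</CustomField2>
    <Provider Name="Application" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-07-12T21:26:07.000000000Z" />
    <EventRecordID>86554</EventRecordID>
    <Channel>Application</Channel>
    <Computer>YOUR_COMPUTER</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Entry1</Data>
    <Data>Entry2</Data>
  </EventData>
</Event>"""

# Hypothetical rsyslog rule for step 3: file messages tagged "winevent" into
# their own log so the plugin only ever sees these records.
RSYSLOG_RULE = 'if $programname == "winevent" then /var/log/custom.log\n& stop'


def _clean(value):
    """Collapse CR/LF to spaces and escape quotes so a value fits on one line."""
    value = re.sub(r"[\r\n]+", " ", value).strip()
    return value.replace("\\", "\\\\").replace('"', '\\"')


def flatten_event(xml_text):
    """Step 1: turn an <Event> record into a single line of key="value" pairs."""
    root = ET.fromstring(xml_text)
    fields = {}
    for child in root.find("System"):
        if child.tag == "Provider":
            value = child.get("Name", "")
        elif child.tag == "TimeCreated":
            value = child.get("SystemTime", "")
        else:
            value = child.text or ""
        if value:  # empty elements such as <Security /> carry nothing worth sending
            fields[child.tag.lower()] = value
    # EventData/Data entries are joined with '|' so they stay in one field.
    data = [d.text for d in root.iterfind("EventData/Data") if d.text]
    fields["data"] = "|".join(data)
    return " ".join(f'{k}="{_clean(v)}"' for k, v in fields.items())


def build_syslog_message(flat_line, hostname, system_time, tag="winevent"):
    """Step 2: prepend an RFC 3164 header; PRI 14 = facility user (1) * 8 + info (6)."""
    dt = datetime.strptime(system_time[:19], "%Y-%m-%dT%H:%M:%S")
    stamp = f"{dt:%b} {dt.day:2d} {dt:%H:%M:%S}"
    return f"<14>{stamp} {hostname} {tag}: {flat_line}"


def send_syslog_udp(message, collector, port=514):
    """Deliver one message to the AlienVault sensor over UDP syslog."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(message.encode("utf-8"), (collector, port))


# Step 4: the pattern a plugin would apply to each line of /var/log/custom.log.
_PAIR_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_flat_line(line):
    """Recover the fields from a flattened line, undoing the escaping from _clean."""
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in _PAIR_RE.findall(line)}


if __name__ == "__main__":
    flat = flatten_event(SAMPLE_EVENT_XML)
    msg = build_syslog_message(flat, "YOUR_COMPUTER", "2015-07-12T21:26:07.000000000Z")
    print(msg)
    print(parse_flat_line(flat))
    # send_syslog_udp(msg, "sensor.example.invalid")  # set a real sensor address to ship it
```

Keeping every field quoted is what makes step 4 tractable: one regex covers the whole line regardless of which fields a given event carries, and a `Data` entry containing spaces or quotes still round-trips instead of breaking the parse.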


