AlienVault - Custom Logs


Hello all

Please, can anyone guide me on how to send custom logs from a Windows machine (not the machine EventLog) to AlienVault and display them in graphs?

      <Provider Name="Application" /> 
      <EventID Qualifiers="0">1001</EventID> 
      <TimeCreated SystemTime="2015-07-12T21:26:07.000000000Z" /> 
      <Security /> 

Thanks in advance 

  • In general:

    1.  Transform your XML into a single line (XSLT, remove CR/LFs, etc.)
    2.  Send via syslog to AV (via klog for example)
    3.  Add an entry for rsyslog to put the log into its own log file, e.g. /var/log/custom.log
    4.  Write a new plugin that reads that log and parses the event data
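
Steps 1, 2 and 4 of the reply above, sketched in Python as an added example that is not part of the original thread and is not AlienVault's own code. The `<Event>`/`<System>` wrapper, the `customxml` tag, the `winhost` name and all function names are assumptions made for illustration.

```python
import re
import socket
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the post, wrapped in <Event>/<System>
# (an assumption) so that it is well-formed XML.
SAMPLE_EVENT = """<Event>
  <System>
    <Provider Name="Application" />
    <EventID Qualifiers="0">1001</EventID>
    <TimeCreated SystemTime="2015-07-12T21:26:07.000000000Z" />
    <Security />
  </System>
</Event>"""

TAG = "customxml"  # hypothetical syslog tag that the rsyslog rule can match

def flatten_event(xml_text):
    """Step 1: collapse a multi-line XML event into one line."""
    root = ET.fromstring(xml_text)  # malformed input raises ParseError here
    for el in root.iter():
        # Drop indentation; fold CR/LF inside values so one event stays one record.
        el.text = " ".join(el.text.split()) if el.text and el.text.strip() else None
        el.tail = None
    return ET.tostring(root, encoding="unicode")

def to_syslog(line, when, host="winhost", pri=134):
    """Step 2: frame the line as RFC 3164 syslog (134 = local0.info)."""
    stamp = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))
    return "<%d>%s %s %s: %s" % (pri, stamp, host, TAG, line)

def send_udp(message, server, port=514):
    """Send one datagram to the sensor; server is supplied by the caller."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(message.encode("utf-8"), (server, port))

# Step 4: the kind of pattern a plugin applies to each line of the log file.
EVENT_RE = re.compile(
    r'<Provider Name="(?P<provider>[^"]*)"\s*/>.*?'
    r'<EventID[^>]*>(?P<event_id>\d+)</EventID>.*?'
    r'SystemTime="(?P<time>[^"]+)"')

def parse_line(line):
    """Return the extracted fields, or None if the line is not an event."""
    match = EVENT_RE.search(line)
    return match.groupdict() if match else None
```

Folding embedded CR/LF into spaces before sending keeps each event on one line of the log file, so a field value that contains a line break cannot split a record or start a forged one.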

