0 Replies Latest reply on Jun 10, 2014 3:44 AM by ovidiu.tatarasanu

    How to extract fields from windows event logs?

    ovidiu.tatarasanu

Hello,

I want to monitor a Windows network file share (CIFS) with the McAfee SIEM. I've activated all necessary audit settings, and the events are logged in Windows.

To get events into the SIEM I've tried the classical way with the WMI collector; the problem is that the WMI rules are not parsing all the fields that I need from the events (for example Object accessed, Access requested, etc.). I've seen that WMI rules can't be edited or added, so I'm thinking of using another method: get the event logs via the McAfee SIEM Collector and then parse the content with ASP.

The problem is that the McAfee SIEM Collector sends events via MEF, so the question is: how can I manually create parsing rules for content coming from the collector?

Thank you,

Ovidiu
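As an added illustration (not part of the thread and not McAfee code) of the field extraction the post is after, here is a small Python parser for the "Section:" / "Field: value" layout in which Windows renders the file-access audit event body; the sample event is constructed, the event ID 4663 is my assumption about which event is meant, and the field names follow the Windows Security log layout.

```python
import re

# Constructed sample: message body of a Windows Security log file-access audit
# event (assumed to be ID 4663, "An attempt was made to access an object"), in
# the layout Event Viewer renders. All values are invented for this example.
SAMPLE_EVENT = """An attempt was made to access an object.

Subject:
\tAccount Name:\t\tjdoe
\tAccount Domain:\t\tEXAMPLE

Object:
\tObject Type:\t\tFile
\tObject Name:\t\tC:\\Shares\\Finance\\budget.xlsx

Access Request Information:
\tAccesses:\t\tReadData (or ListDirectory)
\t\t\t\tWriteData (or AddFile)
\tAccess Mask:\t\t0x3
"""

def parse_event_fields(message: str) -> dict[str, str]:
    """Map 'Section:' / tab-indented 'Field: value' lines to {'Section.Field': value};
    indented lines without a colon continue the previous (multi-line) value."""
    fields: dict[str, str] = {}
    section, last_key = "", None
    for raw in message.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith("\t") and line.endswith(":"):  # section header
            section, last_key = line[:-1], None
            continue
        m = re.match(r"^([^:]+):\s*(.*)$", line)
        if m and raw.startswith("\t"):
            last_key = f"{section}.{m.group(1).strip()}" if section else m.group(1).strip()
            fields[last_key] = m.group(2).strip()
        elif last_key:  # continuation line of a multi-line value such as Accesses:
            fields[last_key] = f"{fields[last_key]} {line}".strip()
    return fields

def file_access_summary(message: str) -> dict[str, str]:
    # The fields the WMI rules were not surfacing, pulled from the parsed body.
    f = parse_event_fields(message)
    return {
        "object_accessed": f.get("Object.Object Name", ""),
        "access_requested": f.get("Access Request Information.Accesses", ""),
        "access_mask": f.get("Access Request Information.Access Mask", ""),
    }
```

The same section.field keys can be mapped onto whatever custom-parser fields the SIEM expects once the raw message text is available from the collector.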