Hello,
I got a problem in defining source type to get logs from a windows host on my lan.
I receive the logs over tcp on port 30000. I get the logs but they'rent parse well.
Which source type should i choose for my log to be parsed ?
The logs are the WinEventLog:Security - Application and system and what i receive is somthing like that :
4/25/13 4:23:22.000 x86yxB3z+9kgxE7x00x00x18x009x008x005x003x002x00/x00x16x00x13x00 host=10.1.1.2 sourcetype=WinEventLog source=tcp:30333 source=tcp:30000
As i configure my input data, i don't see any source type that match.
Also, can i parse my data at the source on the universal forwarder?
Thank you in advance for your response,
PM