
Datestamp format change for Syslog_full output

Open sniglet opened this issue 8 years ago • 0 comments

Syslog output was functioning properly, sending output to SIEM:

Mar 14 15:12:00 UKB1-1PSEAP01 snort[31915]: [1:6700:19] FILE-IMAGE Microsoft Multiple Products malformed PNG detected tEXt overflow attempt [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 17.253.37.202:80 -> 10.166.171.58:49311

Updated infrastructure to 2.1.14 (Build 337) has Syslog output looking like:

2016-03-14T09:55:31Z SAV1-1PSEAP01 [125:6:1] ftp_pp: FTP response length overflow [Classification: Attempted User Privilege Gain] [Priority: 1]: {TCP} 10.120.2.75:2100 -> 10.201.32.60:30573

Which is arguably more correct (and avoids Y2K-like bugs), but breaks input to SIEM.

sniglet Apr 21 '16 21:04
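A SIEM-side normaliser that accepts both timestamp formats quoted in the issue, added here as an illustration (it is not barnyard2 code). The two sample lines are constructed from the issue's own output; the legacy BSD format carries no year or time zone, so the year is an assumed input and the time is treated as naive local time.

```python
import re
from datetime import datetime, timezone

# Sample lines constructed to match the two formats quoted in the issue.
OLD_LINE = ("Mar 14 15:12:00 UKB1-1PSEAP01 snort[31915]: [1:6700:19] FILE-IMAGE Microsoft "
            "Multiple Products malformed PNG detected tEXt overflow attempt "
            "[Classification: Attempted User Privilege Gain] [Priority: 1] "
            "{TCP} 17.253.37.202:80 -> 10.166.171.58:49311")
NEW_LINE = ("2016-03-14T09:55:31Z SAV1-1PSEAP01 [125:6:1] ftp_pp: FTP response length overflow "
            "[Classification: Attempted User Privilege Gain] [Priority: 1]: "
            "{TCP} 10.120.2.75:2100 -> 10.201.32.60:30573")

# Header variants: legacy BSD-syslog timestamp with a "snort[pid]:" tag, and the
# ISO 8601 (UTC, "Z" suffix) form from the 2.1.14 build. The alert body is shared,
# except that the new build appends ":" after the Priority field.
HEADER_OLD = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                        r"snort\[(?P<pid>\d+)\]: (?P<body>.*)$")
HEADER_NEW = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) (?P<body>.*)$")
BODY = re.compile(
    r"^\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_alert(line, year=None):
    """Return a normalised dict for either timestamp format, or None if unparseable."""
    m = HEADER_OLD.match(line)
    if m:
        # Legacy format has no year: assume the current year unless the caller
        # supplies one (e.g. from the log file's own date). No zone information either.
        year = year or datetime.now().year
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        fmt = "bsd"
    else:
        m = HEADER_NEW.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fmt = "iso8601"
    b = BODY.match(m["body"])
    if not b:
        return None
    rec = b.groupdict()
    rec.update(timestamp=ts, host=m["host"], format=fmt)
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[k] = int(rec[k])
    return rec
```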