Comments on The Unofficial MARS Blog: Windows Event Logging
Feed author: Chris Durkin (http://www.blogger.com/profile/08997829845892677696)
Updated: 2023-06-29T07:31:14.002+00:00

ima (https://www.blogger.com/profile/01996073060562662891), 2009-11-24T13:01:01.309+00:00

Hi, I'm a bit new.
I'm thinking of using the PNAGENT Windows client to push the syslog to MARS.
But I can't configure the client.
Could you help me?

Many thanks in advance

Anonymous, 2008-03-07T03:03:00.000+00:00

Apparently from TAC the limit is not there post 4.3.1 in 2nd gen MARS.

Anonymous, 2007-08-09T10:21:00.000+00:00

Hi there,

Great blog. I'm connecting MARS to a Windows box using the pull method but logs are not going across.

(1) Configuring logs on Windows box to be read by local admin account and setting up some audit events

(2) Checking RPC service is running

(3) Setting up connection on MARS to connect to Windows box using admin account

(4) MARS can see Windows box

Anthony Holloway (https://www.blogger.com/profile/09574940676243614042), 2007-04-19T22:49:00.000+00:00

Awesome! Once again you are tackling just the problem I am about to face. It's like you are reading my mind.

Anonymous, 2007-04-19T02:19:00.000+00:00

One other disadvantage to the push method is that MARS has a 500-byte limit on incoming syslog messages. If a Windows event is longer than 500 bytes, which in many cases they are, MARS will not parse all the fields, resulting in inconsistent rules, reports, etc.