...

| Log type | Format in Reflector | Filter regex (include) | Filter comments | Notes |
|---|---|---|---|---|
| Apache Web Server | Syslog RFC 3164 (QRadar) | `ApacheLog` | | Set "Log Type" in log file policy as "Apache". |
| Microsoft ADFSRaw | Syslog RFC 3164 (QRadar) | `AD FS/Admin` | | |
| Microsoft DefenderRaw | Syslog RFC 3164 (QRadar) | `Microsoft-Windows-Windows Defender/Operational` | | |
| Microsoft DHCP | Syslog RFC 3164 (QRadar) | `MSSQL\$MICROSOFT##WID\|MSSQLSERVER` | Replace MSSQLSERVER with instance name | Set "Log Type" in log file policy as "DHCP". |
| Microsoft DNS Server | Syslog RFC 3164 (QRadar) | `MSDNSServer` | | Set "Log Type" in log file policy as "DNS". |
| Microsoft Exchange Parser | Syslog RFC 3164 (QRadar) | `ExchangeLog` | | "Custom" Log type specified in policy. Set as "ExchangeLog". |
| Microsoft IIS Server | Syslog RFC 3164 (QRadar) | `IISWebLog` | | Set "Log Type" in log file policy as "IIS". |
| Microsoft Windows Powershell | Syslog RFC 3164 (QRadar) | `Microsoft-Windows-PowerShell/Operational` | | |
| Microsoft Windows Snare ApplicationRaw | Syslog RFC 3164 (QRadar) | `MSWinEventLog` | | One destination and policy required for Security, Application and System. |
| Microsoft Windows Snare SecurityRaw | Syslog RFC 3164 (QRadar) | `MSWinEventLog` | | See above. |
| Microsoft Windows Snare SystemRaw | Syslog RFC 3164 (QRadar) | `MSWinEventLog` | | See above. |
| Microsoft Windows SysmonRaw | Syslog RFC 3164 (QRadar) | `Microsoft-Windows-Sysmon/Operational` | | |
| Microsoft Windows Sysmon | Syslog RFC 3164 (QRadar) | `Microsoft-Windows-Sysmon/Operational` | | |
| RADIUS_NPS | Syslog RFC 3164 (QRadar) | `RadiusLog` | | "Custom" Log type specified in policy. Set as "RadiusLog". |
| Windows MSSQL Via Syslog SNARERaw | Syslog RFC 3164 (QRadar) | `MSSQL\$MICROSOFT##WID\|MSSQLSERVER` | Replace MSSQLSERVER with instance name | |
| Windows MSSQL Via Syslog SNARE | Syslog RFC 3164 (QRadar) | `MSSQL\$MICROSOFT##WID\|MSSQLSERVER` | Replace MSSQLSERVER with instance name | |
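As an added example, not part of the original page and not Reflector's own code, the Python below runs the include regexes from the table over a few constructed RFC 3164 lines (Snare-style tab-delimited payloads, invented for illustration and not real captures). It assumes Reflector evaluates an include filter as an unanchored, case-sensitive regex search over the whole line; the page does not state the matching semantics, so treat that as an assumption. The example makes two points the table implies but does not spell out: the `$` in the MSSQL regex must be escaped because an unescaped `$` is an end-of-line anchor and would never match the `MSSQL$MICROSOFT##WID` service name, and the include filters are not mutually exclusive, since a Sysmon or SQL Server event forwarded by a Snare agent carries both `MSWinEventLog` and its channel or source name and is therefore admitted by two filters at once.

```python
import re

# Include regexes copied from the table above. The three Snare rows share one
# regex and one policy, so they are collapsed into a single entry here.
INCLUDE_FILTERS = {
    "Apache Web Server": r"ApacheLog",
    "Microsoft ADFSRaw": r"AD FS/Admin",
    "Microsoft DefenderRaw": r"Microsoft-Windows-Windows Defender/Operational",
    "Microsoft DNS Server": r"MSDNSServer",
    "Microsoft Exchange Parser": r"ExchangeLog",
    "Microsoft IIS Server": r"IISWebLog",
    "Microsoft Windows Powershell": r"Microsoft-Windows-PowerShell/Operational",
    "Microsoft Windows Snare (Security/Application/System)": r"MSWinEventLog",
    "Microsoft Windows Sysmon": r"Microsoft-Windows-Sysmon/Operational",
    "RADIUS_NPS": r"RadiusLog",
    "Windows MSSQL Via Syslog SNARE": r"MSSQL\$MICROSOFT##WID|MSSQLSERVER",
}

# Assumption: Reflector applies the include filter as an unanchored,
# case-sensitive search over the whole line (re.search semantics).
COMPILED = {name: re.compile(rx) for name, rx in INCLUDE_FILTERS.items()}

# Constructed sample lines (not real captures). RFC 3164 PRI, timestamp and
# host, followed by a Snare-style tab-delimited payload whose third field is
# the event log / channel name and seventh field is the event source.
SAMPLES = [
    "<13>Mar  4 10:15:01 dc01 MSWinEventLog\t1\tSecurity\t4021\tMon Mar 04 10:15:01 2024"
    "\t4624\tMicrosoft-Windows-Security-Auditing\tN/A\tN/A\tSuccess Audit\tdc01\tLogon"
    "\tAn account was successfully logged on.",
    "<13>Mar  4 10:15:02 dc01 MSWinEventLog\t1\tApplication\t4022\tMon Mar 04 10:15:02 2024"
    "\t1000\tApplication Error\tN/A\tN/A\tError\tdc01\tNone\tFaulting application name: notepad.exe",
    "<13>Mar  4 10:15:03 web01 MSWinEventLog\t1\tMicrosoft-Windows-Sysmon/Operational\t310"
    "\tMon Mar 04 10:15:03 2024\t1\tMicrosoft-Windows-Sysmon\tSYSTEM\tUser\tInformation\tweb01"
    "\tProcess Create (rule: ProcessCreate)\tProcess Create: Image: C:\\Windows\\System32\\cmd.exe",
    "<13>Mar  4 10:15:04 sql01 MSWinEventLog\t1\tApplication\t77\tMon Mar 04 10:15:04 2024"
    "\t17137\tMSSQL$MICROSOFT##WID\tN/A\tN/A\tInformation\tsql01\tServer\tStarting up database 'SUSDB'.",
    "<13>Mar  4 10:15:05 sql01 MSWinEventLog\t1\tApplication\t78\tMon Mar 04 10:15:05 2024"
    "\t18456\tMSSQLSERVER\tN/A\tN/A\tFailure Audit\tsql01\tLogon\tLogin failed for user 'sa'.",
    "<13>Mar  4 10:15:06 web01 IISWebLog 2024-03-04 10:15:06 GET /index.html 200",
    "<13>Mar  4 10:16:00 host01 sshd[1234]: Accepted publickey for ops from 10.0.0.5 port 51234",
]


def classify(line):
    """Return the names of every include filter that admits this line, in table order."""
    return [name for name, rx in COMPILED.items() if rx.search(line)]


def overlapping(lines):
    """Indices of lines admitted by more than one include filter.

    These are the lines that would be delivered to two destinations if two
    policies with these filters pointed at the same source.
    """
    return [i for i, line in enumerate(lines) if len(classify(line)) > 1]


def dollar_must_be_escaped():
    """Why the table writes MSSQL\\$...: an unescaped $ is an end-of-line anchor.

    Returns (matches_with_escape, matches_without_escape).
    """
    svc = "MSSQL$MICROSOFT##WID"
    escaped = re.search(r"MSSQL\$MICROSOFT##WID", svc) is not None
    unescaped = re.search(r"MSSQL$MICROSOFT##WID", svc) is not None
    return escaped, unescaped


if __name__ == "__main__":
    for i, line in enumerate(SAMPLES):
        print(i, classify(line))
    print("admitted by more than one filter:", overlapping(SAMPLES))
    print("escaped/unescaped $ matches:", dollar_must_be_escaped())
```

Running the block shows the Security and Application lines landing only in the Snare filter, the Sysmon and SQL Server lines landing in two filters each, and the unrelated sshd line in none. If Reflector delivers each matching policy independently, the overlap means the Sysmon and MSSQL destinations also receive those events through the generic Snare policy, so deduplicate downstream or add an exclude for the channel names the dedicated policies already cover.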

...