Hi All
Does anyone have a parser for Wallix Admin Bastion logs?
Best Regards
Hi Waloo5,
Sorry, this might just be my fault, but I'm afraid I don't understand your request. Can you explain what you're looking for in more detail please?
Kind regards,
Created on 07-01-2024 12:55 AM Edited on 07-01-2024 12:56 AM
Hi @Stephen_G
I need to have logs from my Wallix Bastion, and I configured it to send logs to my FortiSIEM, but all logs are shown as "Unknown event type". If someone has the parser for it, I will be grateful.
Some examples of logs:
Log 1: <14>1 2024-06-26T22:37:26+01:00 SRV-Wallix-Bastion rdpproxy 18992 - -
[RDP Session] session_id="190566c73953a5be0050568a45c1"
client_ip="192.168.100.1" target_ip="192.168.1.210" user="XXXX"
device="DC-XXXXX" service="RDP" account="XXXX" type="KBD_INPUT"
data="hraccess1"
Log 2: <14>1 2024-06-26T22:37:30+01:00 SRV-Wallix-Bastion rdpproxy 20258 - -
[RDP Session] session_id="190564df441871e70050568a45c1"
client_ip="192.168.1.240" target_ip="10.10.33.13"
user="XXXX" device="PCYYYY" service="RDP"
account="JXXX" type="COMPLETED_PROCESS"
command_line="\"C:\\Program Files
(x86)\\Microsoft\\Edge\\Application\\126.0.2592.61\\identity_helper.exe\" --
type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --
lang=fr --service-sandbox-type=none --field-trialhandle=
25476,i,3536162623415184737,13780532054667721275,262144 --
variations-seed-version --mojo-platform-channel-handle=29472 /prefetch:14"
Attached is the configuration of my Wallix Bastion (I use RFC 5424):
Best Regards
Hi Waloo5,
Understood - thanks for clarifying! I'm afraid I don't know if this is possible. But if someone here could reply to contradict me, that would be great.
Sorry I can't help further.
Kind regards,
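The sample logs posted above are RFC 5424 syslog lines whose message is a bracketed tag followed by key="value" pairs with backslash-escaped quotes. As an added example (not from the original posts, and not a FortiSIEM parser definition), this Python code extracts those fields; it assumes each event arrives as one line (the wraps in the post being paste artifacts), and the function name and the shortened second sample are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
HEADER = re.compile(
    r'<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<timestamp>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)',
    re.S)
# Message body: [RDP Session] key="value" ... where values may contain \" and \\
BODY = re.compile(r'\[(?P<tag>[^\]]+)\]\s*(?P<pairs>.*)', re.S)
PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"', re.S)


def parse_bastion_event(line):
    """Return a flat dict of header and key/value fields, or None if unparsable.

    parse_bastion_event is a hypothetical name, not a Wallix or Fortinet API.
    """
    header = HEADER.match(line.strip())
    if header is None:
        return None
    event = header.groupdict()
    # PRI encodes facility * 8 + severity (14 -> facility 1, severity 6)
    event["facility"], event["severity"] = divmod(int(event.pop("pri")), 8)
    body = BODY.match(event.pop("msg"))
    if body is None:
        return None
    event["tag"] = body.group("tag")
    for key, value in PAIR.findall(body.group("pairs")):
        # Undo backslash escaping so \" becomes " and \\ becomes \
        event[key] = re.sub(r'\\(.)', r'\1', value, flags=re.S)
    return event


# Constructed samples: the post's Log 1 joined onto one line, and a
# shortened version of Log 2 that keeps the escaped quotes and backslashes.
SAMPLES = [
    '<14>1 2024-06-26T22:37:26+01:00 SRV-Wallix-Bastion rdpproxy 18992 - - '
    '[RDP Session] session_id="190566c73953a5be0050568a45c1" '
    'client_ip="192.168.100.1" target_ip="192.168.1.210" user="XXXX" '
    'device="DC-XXXXX" service="RDP" account="XXXX" type="KBD_INPUT" '
    'data="hraccess1"',
    r'<14>1 2024-06-26T22:37:30+01:00 SRV-Wallix-Bastion rdpproxy 20258 - - '
    r'[RDP Session] session_id="190564df441871e70050568a45c1" user="XXXX" '
    r'type="COMPLETED_PROCESS" '
    r'command_line="\"C:\\Program Files (x86)\\app.exe\" --lang=fr"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_bastion_event(sample))
```

The header pattern and the key="value" pair pattern are the two pieces a SIEM-side custom parser for these events would need to express; the `type` field is the natural value to key event types on.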