I need a solution
Hello Guys,
We are implementing a log management system that will forward logs from multiple sources (e.g. SEPM, Active Directory, DLP, Proxy), and we found that the SEPM logs (ersecreg.log & exsecars.log) only keep the month and the day (e.g. 01/05) but not the year.
This makes log correlation challenging for certain log management devices. The vendor advises that they have to hardcode the year for the logs to correlate.
01/05 12:22:36 [6772:12916] 10.152.3.75<AgentInfo DomainID="0AA1222B3C4567890123DEF4567G890G" AgentType="105" UserDomain="COUNTRY.DOMAIN.NAME.COM" LoginUser="username" ComputerDomain="COUNTRY.DOMAIN.NAME.COM" ComputerName="12345" PreferredGroup="My%20Company%5cWORKSTATION" PreferredMode="1" KnownClientID="9DB118760A981A4000025B1005D0CFC8" HardwareKey="01234567890ABCDEFGHIGKLMN1234567" IsNPVDIClient="0" SiteDomainName=""/> AgentID=01234567890ABCDEFGHIJKLMN1234567 AgentType=105 ComputerID=01234567890ABCDEFGHIJKLMN1234567 Hash Key=2FB5E1923FE9EBC964D3492BDE854E99
Does anyone know what is the main rationale for not including the year in the SEPM log format?
Appreciate anyone who has a good perspective on this~
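One defender-side way around the missing year, as an added example that is not from the original post or from the SEPM vendor: parse the ersecreg.log line shape quoted above and assign a year from the collector's ingestion time, falling back to the previous year when the MM/DD would otherwise land in the future (the 12/31 line read on 01/02 case) or does not exist in the ingestion year (02/29). The sample lines, the 5-minute skew allowance and the field names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches the prefix of an ersecreg.log line: "MM/DD HH:MM:SS [pid:tid] <client-ip><AgentInfo .../> ..."
LINE_RE = re.compile(
    r"^(?P<month>\d{2})/(?P<day>\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[(?P<pid>\d+):(?P<tid>\d+)\] (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample lines in the shape of the one quoted in the post (attributes shortened).
SAMPLE_LINES = [
    '01/05 12:22:36 [6772:12916] 10.152.3.75<AgentInfo ComputerName="12345"/> AgentType=105',
    '12/31 23:59:50 [6772:12916] 10.152.3.76<AgentInfo ComputerName="12346"/> AgentType=105',
    '02/29 10:00:00 [6772:12916] 10.152.3.77<AgentInfo ComputerName="12347"/> AgentType=105',
]


def infer_year(month, day, time_str, ingest_time, skew=timedelta(minutes=5)):
    """Attach a year to a year-less MM/DD timestamp (assumption of this example, not vendor logic).

    Try the ingestion year first; if the event would then be in the future (beyond a small
    clock-skew allowance) or the date does not exist that year (02/29), use the previous year.
    """
    for year in (ingest_time.year, ingest_time.year - 1):
        try:
            ts = datetime.strptime(f"{year}/{month}/{day} {time_str}", "%Y/%m/%d %H:%M:%S")
        except ValueError:
            continue  # e.g. 02/29 in a non-leap year
        if ts <= ingest_time + skew:
            return ts
    raise ValueError(f"cannot place {month}/{day} {time_str} relative to {ingest_time}")


def parse_line(line, ingest_time):
    """Parse one log line; ingest_time is a datetime or ISO-8601 string from the collector."""
    if isinstance(ingest_time, str):
        ingest_time = datetime.fromisoformat(ingest_time)
    m = LINE_RE.match(line)
    if not m:
        return None  # not a timestamped SEPM line; let the caller decide what to do with it
    ts = infer_year(m["month"], m["day"], m["time"], ingest_time)
    return {
        "timestamp": ts.isoformat(),
        "pid": int(m["pid"]),
        "tid": int(m["tid"]),
        "client_ip": m["ip"],
    }


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_line(line, "2024-01-06T08:00:00"))
```

Ingest time must come from the collector's clock at read time, not from file mtime, or a log rotated across New Year will be mis-dated.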