2 Answers
0
I don't think it is particularly strange that the output is in XML.
If you check the Event Viewer on the Windows server, you will see the logs in the same XML format.
0
Hi DD-Boom,
In addition to Riku:
Windows stores event logs in XML format. You can see the WEF format here:
https://docs.nxlog.co/userguide/integrate/windows-eventlog.html
The format you have written is not the log format; it is how Event Viewer shows the log in the user interface,
and as you can see here
https://johndcyber.com/how-to-forward-windows-event-logs-to-cloud-watch-in-5-easy-steps-13fa65a173b2
CloudWatchAgent also forwards the event in the same format.
Normally it will be the log content [Security] [INFORMATION] [5061] [Microsoft-Windows-Security-Auditing] [Jump] [Cryptographic operation.
Subject: Security ID: S-0-1112 1069 Account Name: ****** Account Domain: ******* Logon ID: 0x1B313D0
Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNCCTVN Key Name: *******.net Key Type: User key.
Cryptographic Operation: Operation: Open Key. Return Code: 0x87788016]
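For pipelines that expect the bracketed text layout quoted above, the XML records can be normalized after ingestion. The following is an added example, not code from the posts or from AWS: the sample record is constructed with placeholder values, and `parse_event` and `to_text_line` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# System/Level values; Event Viewer displays level 0 as "Information".
LEVELS = {"0": "INFORMATION", "1": "CRITICAL", "2": "ERROR",
          "3": "WARNING", "4": "INFORMATION", "5": "VERBOSE"}

# Constructed sample record (placeholder host, account and key values).
SAMPLE_XML = """
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>5061</EventID>
    <Level>0</Level>
    <Channel>Security</Channel>
    <Computer>HOST01</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">example-user</Data>
    <Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
    <Data Name="KeyName">example-key</Data>
    <Data Name="KeyType">User key</Data>
    <Data Name="Operation">Open Key</Data>
  </EventData>
</Event>
"""

def parse_event(xml_text):
    """Return the System fields and named EventData values of one record."""
    root = ET.fromstring(xml_text.strip())
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("not a Windows event record: <System> is missing")
    def field(tag):
        node = system.find("e:" + tag, NS)
        return (node.text or "").strip() if node is not None else ""
    provider = system.find("e:Provider", NS)
    data = {d.get("Name") or f"Data{i}": (d.text or "").strip()
            for i, d in enumerate(root.findall("e:EventData/e:Data", NS))}
    return {"channel": field("Channel"), "event_id": field("EventID"),
            "level": LEVELS.get(field("Level"), "UNKNOWN"),
            "provider": provider.get("Name", "") if provider is not None else "",
            "computer": field("Computer"), "data": data}

def to_text_line(ev):
    """Flatten a parsed record into bracketed fields like the line quoted above."""
    details = " ".join(f"{k}: {v}" for k, v in ev["data"].items())
    return (f"[{ev['channel']}] [{ev['level']}] [{ev['event_id']}] "
            f"[{ev['provider']}] [{ev['computer']}] [{details}]")
```

Keeping the parsed dictionary alongside the flattened line preserves the named `EventData` fields, which are easier to filter on in detection rules than the rendered message text.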