Hi,

We pull SQL events from the application log into Sentinel using the
NetIQ Agent. They come in through the Universal Event so are not parsed
fully. I get VendorEventCode, ObserverHostName, ObserverServiceName,
EventName, TargetHostName parsing correctly but TargetUserName,
TargetDataName for example aren't parsed out . It is possible to route
them through the MS SQL Collector so they are parsed fully using this
method?

Thanks

Paul


--
rochfordp
------------------------------------------------------------------------
rochfordp's Profile: https://forums.netiq.com/member.php?userid=6749
View this thread: https://forums.netiq.com/showthread.php?t=56028