Which one to choose Windows xml OR non-xml format ...

AL3Z · ‎12-14-2023

Hi,

In our environment, we utilize Windows security logs for our security purposes. To reduce licensing costs, I'm considering switching the render XML setting to false. I'm wondering if this is advisable, especially given our focus on security use cases. Could you highlight the major distinctions between using XML and non-XML formats for these logs?

Thanks.

PickleRick · ‎12-15-2023

While I didn't do comparison tests myself, the general consensus is that XML-rendered windows logs are the better choice. They do not cause problems with parsing (there were some problems with ambiguous data in the traditionally formated data I recall vaguely; probably more experienced with older versions colleagues could tell you more). Also they tend to be actually smaller than traditionally formatted logs.

AL3Z · ‎12-15-2023

@PickleRick ,

My aim is to save the license. Can you assist me in blacklisting some of the most common Windows security events

PickleRick · ‎12-15-2023

Sorry, can't help you here. I'm not a windows expert.

AL3Z · ‎12-15-2023

@PickleRick ,

By any chance vpn / firewall logs ?

Which one to choose Windows xml OR non-xml format to save licensing

using Enterprise Security

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!

Are you a member of the Splunk Community?

Which one to choose Windows xml OR non-xml format to save licensing

using Enterprise Security

Index This | What’s a riddle wrapped in an enigma?

BORE at .conf25

OpenTelemetry for Legacy Apps? Yes, You Can!