Modern Snare-Format Parsing Arrives: Introducing the mmsnareparse Module
Last September, Rainer Gerhards revisited a long-standing challenge: normalizing legacy Windows Snare logs for use in modern observability pipelines.
In his article “Revisiting old style Windows Log Schema Mapping”, he explored heuristic and AI-assisted methods to better handle these still-prevalent formats.
That effort has now resulted in production-ready code: the new mmsnareparse module — already part of the daily stable build and scheduled for inclusion in the 8.2510.0 stable release.
We’re looking for testers right now.
If your systems still forward Windows Security logs in Snare format, please deploy mmsnareparse and let us know how it performs in your environment.
Real-world feedback will directly shape future development.

rsyslog status update – what is going on?
There is lots of work going on with rsyslog currently. The last scheduled stable release, v8.2508.0, happened on August 26th, 2025. Be reminded that we offer daily stable releases, which enable you to benefit early from new features and bug fixes.

