I am currently setting up Windows file access auditing on our storage. The data from NetApp is sent to a file on storage as *.evtx. I can open the file up (MMC > Event Viewer > import file) and see my data. My question is: how do I get this into Graylog?
You could use a tool such as log2timeline to parse the EVTX file and send the result (a CSV file) to Graylog using Filebeat or any other log shipper.
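As an added example (not code from this thread, plaso or Graylog): once the log2timeline output has been exported to CSV, each row can be mapped to a GELF 1.1 message that a Graylog GELF input accepts. It assumes plaso's l2tcsv column layout and UTC timestamps; the sample row and the underscore-prefixed field names are constructed for illustration.

```python
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample row in the l2tcsv column layout (not data from the thread).
SAMPLE_L2TCSV = """date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
01/15/2024,09:30:05,UTC,M...,EVT,WinEVTX,Content Modification Time,-,FILER01,[4663] Object access,"[4663 / 0x1237] Record Number: 1001 Strings: ['alice', 'share1', 'report.docx']",2,a.evtx,-,-,winevtx,-
"""


def row_to_gelf(row):
    """Map one l2tcsv row (dict) to a GELF 1.1 message (dict)."""
    # l2tcsv writes the date as MM/DD/YYYY and the time as HH:MM:SS.
    ts = datetime.strptime(f"{row['date']} {row['time']}", "%m/%d/%Y %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    return {
        "version": "1.1",
        # GELF requires a host; "-" is the empty marker in the CSV.
        "host": row["host"] if row["host"] not in ("", "-") else "unknown",
        "short_message": row["short"],
        "full_message": row["desc"],
        "timestamp": ts.timestamp(),          # seconds since the Unix epoch
        # Additional GELF fields must start with "_" (names are hypothetical).
        "_sourcetype": row["sourcetype"],
        "_parser": row["format"],
        "_evidence_file": row["filename"],
    }


def l2tcsv_to_gelf(text):
    """Convert l2tcsv text to a list of GELF messages; reject non-UTC rows."""
    messages = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        if row["timezone"] != "UTC":
            # Refuse to guess an offset: a wrong timestamp misorders audit events.
            raise ValueError(f"line {line_no}: timezone {row['timezone']!r} is not UTC")
        messages.append(row_to_gelf(row))
    return messages


if __name__ == "__main__":
    # One JSON document per line, ready to hand to a shipper or a GELF input.
    for message in l2tcsv_to_gelf(SAMPLE_L2TCSV):
        print(json.dumps(message))
```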
Can someone help me figure out log2timeline? I have no idea how to parse out data from a file c:\temp\a.evtx