I am currently setting up Windows file access auditing on our storage. The data from NetApp is sent to a file on storage as *.evtx. I can open the file up (MMC>Event Viewer>import file) and see my data. My question is: how do I get this into Graylog?
You could use a tool such as log2timeline to parse the EVTX file and send the result (a CSV file) to Graylog using Filebeat or any other log shipper.
Can someone help me figure out log2timeline? I have no idea how to parse out data from a file c:\temp\a.evtx
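An alternative to the log2timeline route suggested above, added here as an example and not taken from any post in this thread: PowerShell's built-in `Get-WinEvent` can read the saved file directly and write one JSON object per line for Filebeat or another shipper to tail. It swaps the CSV output for line-delimited JSON because the EventData fields differ between event IDs; the output path `C:\temp\a.ndjson` and the `data_` field prefix are assumptions.

```powershell
# Input path is the one from the thread; the output path is an assumption.
$EvtxPath = 'C:\temp\a.evtx'
$OutPath  = 'C:\temp\a.ndjson'

function Convert-EvtxRecord {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)

    # Work from the raw event XML so the fields are still available when this
    # machine cannot render a message for the provider that wrote the file.
    $xml = [xml]$Record.ToXml()

    $time = $null
    if ($Record.TimeCreated) {
        $time = $Record.TimeCreated.ToUniversalTime().ToString('o')
    }

    $row = [ordered]@{
        timestamp = $time
        event_id  = $Record.Id
        provider  = $Record.ProviderName
        computer  = $Record.MachineName
        record_id = $Record.RecordId
    }

    # Each named <Data Name="..."> element under <EventData> becomes its own
    # field. local-name() avoids having to register the event XML namespace.
    $xpath = "//*[local-name()='EventData']/*[local-name()='Data']"
    foreach ($d in $xml.SelectNodes($xpath)) {
        $name = $d.GetAttribute('Name')
        if ($name) { $row["data_$name"] = $d.InnerText }
    }

    [pscustomobject]$row
}

# -Oldest returns the records in chronological order.
$lines = Get-WinEvent -Path $EvtxPath -Oldest | ForEach-Object {
    Convert-EvtxRecord $_ | ConvertTo-Json -Compress -Depth 3
}

# Write UTF-8 without a byte order mark so the first line parses as JSON.
$utf8NoBom = New-Object System.Text.UTF8Encoding $false
[System.IO.File]::WriteAllLines($OutPath, [string[]]$lines, $utf8NoBom)
```

Each line of the output file is a single JSON document, so the shipper can decode it per line and Graylog receives the EventData values as separate fields.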