I am currently setting up windows file access auditing on our storage. The data from netapp is sent to a file on storage as *.evtx. I can open the file up (MMC>Event Viewer>import file) and see my data. My question is how to I get this in to graylog?

Custom evtx to graylog, possible?

jochen (Jochen) April 27, 2018, 7:09am 2

You could use a tool such as log2timeline to parse the EVTX file and send the result (a CSV file) to Graylog using Filebeat or any other log shipper.

1 Like

Topic		Replies	Views
Import evtx-files from a directory to graylog Graylog Central (peer support) sidecar , nxlog , filebeat-windows , winlogbeat	8	923	July 2, 2023
XML files from event viewer Graylog Central (peer support)	4	1451	July 3, 2018
Receive Windows event logs from a remote windows-like server Graylog Central (peer support)	2	1171	October 20, 2020
Best Method for Forwarding A Variety of Application ".Log" Files Graylog Add-ons sidecar , nxlog , filebeat-windows , winlogbeat , nodatanx	3	3110	April 10, 2017
Send Log custom app Graylog Central (peer support)	2	320	September 7, 2018