Graylog Receiving Debug and Analytic Messages

All,
I have a question about Graylog receiving Analytic (Verbose) logs from Windows Server Event Viewer.
Currently we're using NXLog Community Edition, nxlog-ce-2.10.2150.msi. We enabled logging for the Debug and Analytical channels, but these channels are based on ETW and cannot be collected as regular Windows Event Log channels via the im_msvistalog module in NXLog.
I also found out that the NXLog Enterprise version can collect logs from ETW with the im_etw module and send them to Graylog. Does anyone know how I could accomplish this without buying the Enterprise version?

My Environment:
CentOS 7 Latest Version
Graylog 3.1.1+b39ee32
Elasticsearch-6.6.1-1.noarch
Mongodb-org-4.2.0

Any advice, ideas or direction would be appreciated.
Thank you in advance.

Hey @gsmith

What about Winlogbeat? If that works together with Sysmon, you should have great results.

https://support.graylog.com/help/en-us/10-beats/4-winlogbeat-example-configurations

@jan
Sorry for the delay, I just got home from vacation. I will give it a try.
Thank you.
