All,
I have a question about Graylog receiving Analytic (Verbose) logs from Windows Server Event Viewer.
Currently we're using NXLog Community Edition, nxlog-ce-2.10.2150.msi. We enabled logging for the Debug and Analytical channels, but these channels are based on ETW and cannot be collected as regular Windows Event Log channels via the im_msvistalog module in NXLog.
I also found out that the NXLog Enterprise version can collect logs from ETW with the im_etw module and send them to Graylog. Does anyone know how I could accomplish this without buying the Enterprise version?
My Environment:
CentOS 7 Latest Version
Graylog 3.1.1+b39ee32
Elasticsearch-6.6.1-1.noarch
Mongodb-org-4.2.0
Any advice, ideas or direction would be appreciated.
Thank you in advance.