How to send Windows Event Logs into Graylog

dscryber · March 22, 2022, 6:57pm

How to send Windows Event Logs into Graylog

@lennartkoopmann

Windows cannot forward EventLog via the network to a central place like Graylog. You’ll have to run an agent that can talk to Graylog. Good news is that there are two officially recommended agents:

Graylog Sidecar

The Graylog Collector Sidecar is a supervisor process for 3rd party log collectors like NXLog or beats. The Sidecar program is able to fetch configurations from a Graylog server and render them as a valid configuration file for various log collectors. You can think of it like a centralized configuration management system for your log collectors.

Please read the official documentation to learn how to use the Graylog Collector Sidecar.

nxlog

The NXLog Community Edition is suitable to forward Windows EventLog to Graylog natively. Please refer to their official documentation for more information.

Topic		Replies	Views
How to collect log from Windows Server without use Nxlog, collector sidecar? Graylog Central (peer support) sidecar , winlogbeat	5	4663	January 20, 2018
Graylog Sidecar Collector, NXLOG and Windows Events Graylog Central (peer support) sidecar	5	7008	February 16, 2017
How to use graylog to view logs from multiple machines [Mainly Windows] Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	2	1496	October 30, 2020
Sending Windows Logs to GrayLog Graylog Central (peer support) sidecar , winlogbeat	3	6645	August 4, 2021
How to Send Syslog Data From Windows Server 2016 Graylog Central (peer support) sidecar , nxlog , filebeat-windows , winlogbeat , nodatanx	10	11068	October 7, 2017

How to send Windows Event Logs into Graylog