Hello guys,
I want to configure graylog sidecar to import WIndows-Event-Logs from a directory to graylog. Is it possible to use nxlog, filebeat or winlogbeat to import these logs? I tried some different configs but I dont get it. Maybe there is someone who already did finish the import with one of those tools.
Thank you!
Do you mean already exported windows events like evtx files?
Yes, exactly
Many evtx-files in a directory
This article is about doing it into ELK but most of the steps about the client side steps are the same, just make sure your winlogbeat config is set to output to Graylog Manually upload EVTX log files to ELK with Winlogbeat and PowerShell – Burnham Forensics
Alright, thank you, I will try that.
The only problem is that I want to automize it. For example:
I put new files in the directory and they are automatically imported to Graylog without using a powershell script.
This may be helpful Not sure how to read from .evtx files | Winlogbeat Reference [8.8] | Elastic or just put the powershell on a schedule and change it to clean up files it already processed to another folder etc.
Okay, that sounds good. But is it possbile with mutliple evtx-flies at once?
I dont know of a way to have it process mutliple evtx at once, but it will import them very fast.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
