Import Windows events stored as syslog in PCAPs

m4rkus · February 11, 2020, 11:26am

Hi,

I have PCAP files (hundreds of GB:s) with recorded syslog traffic (UDP/514) containing log events from Windows hosts. I would like to import and parse the data in Graylog. I would also like to preserve the PCAP timestamps and store those as an additional field for each log message, if possible. Which option(s) would you suggest?

Thanks!

system · February 25, 2020, 11:26am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to manage events that include packet captures? Graylog Central (peer support)	4	1503	June 10, 2019
Graylog2 and rsyslog Graylog Central (peer support)	2	451	February 12, 2024
Problem with syslog formating Graylog Central (peer support)	2	109	July 29, 2024
Get logs from inputs Graylog Central (peer support)	6	942	September 12, 2017
Graylog and private IP sources for syslog Graylog Central (peer support)	1	375	September 9, 2020

Import Windows events stored as syslog in PCAPs

Related topics