Ingest Windows eventlog: NXlog or Winlogbeat?

cdarsac · April 21, 2021, 9:05am

Hello the Forum !

For Ingesting Windows eventlog, I have trouble choosing between NXlog and Winlogbeat.

What do you advise me, knowing that I am looking for the simplest solution to implement?

Thank you in advance.

H2Cyber · April 21, 2021, 7:02pm

Winlogbeat, which is already wrapped inside Sidecar. Sidecar would give you central management from Graylog :

Get the latest Sidecar executable from : Releases · Graylog2/collector-sidecar · GitHub
Install the Sidecar on your Windows system (which includes Winlogbeat) : Graylog Sidecar — Graylog 4.0.0 documentation
Follow the step by step guide to configure it : Graylog Sidecar — Graylog 4.0.0 documentation
Enjoy

rfinney · April 23, 2021, 8:52pm

Winlogbeat. Easy to use and setup.

system · May 7, 2021, 8:53pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use graylog to view logs from multiple machines [Mainly Windows] Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	2	1083	October 30, 2020
What collector on sidecar use with winlogbeat with a graylog on debian 11? Graylog Central (peer support) sidecar , winlogbeat	11	1639	March 10, 2022
Graylog Sidecar Collector, NXLOG and Windows Events Graylog Central (peer support) sidecar	5	6680	February 16, 2017
Windows events to graylog server Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	3	4568	December 27, 2018
Active Directory Audit logs for accounts, DNS Graylog Central (peer support)	13	619	January 26, 2024