Monitoring folder from a remote windows host (encrypted) over the internet

I want to send logs over the internet from our clients Windows computer to our internal graylog server. Does anyone have any recommendations on what I should install on the remote host to monitor a specific folder and send the encrypted logs securely over the wire? Initially, I tried Splunk Universal Forwarder but I ran into problems and wanted to seek some advice. I also tried nxlog but then read I’d have to also incorporate Graylog Collector Sidecar (which seems confusing to me)

As for the Graylog server, its fully configured and the networking portion should be pretty straight forward.

In summary, i need recommendations on what i should install on client computer to send the logs (from a monitored folder).

You can use Filebeat or Winlogbeat for that.

No, you don’t need the Graylog Collector Sidecar to run NXLOG. It does simplify the management of log collectors, though.

Will they be encrypted while in transit over the internet?

Yes, Filebeat supports TLS:
https://www.elastic.co/guide/en/beats/filebeat/5.6/configuring-ssl-logstash.html

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.