Parsing Windows Firewall Logs via Sidecar/Nxlog

(John Buchanan) #1

Took some digging and help from a colleague to get this dialed in, so I thought I'd share it. I started pulling in Windows localhost Firewall logs and wanted to parse out the fields using Nxlog config rather than Input extractors on my Graylog hosts, pushing the workload to the client.

So I learned that the magic happens via the xm_csv module. On my Collector config -> Nxlog, I have what you see in the photo below.

Then on my Input I added the one line Verbatim config and voila.

Exec csv->parse_csv();
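For reference, here is an added example of what such an xm_csv setup looks like in a Sidecar-managed Nxlog config; it is not the author's config from the photo. It assumes the default pfirewall.log path, the standard Windows Firewall `#Fields:` header order, and field names with underscores instead of the hyphens the header uses (an assumption for Nxlog field-name compatibility); the extension is named `csv` so the author's `Exec csv->parse_csv();` line applies unchanged.

```nxlog
# Added example (not the original poster's config). Field order follows the
# standard Windows Firewall header:
#   date time action protocol src-ip dst-ip src-port dst-port size tcpflags
#   tcpsyn tcpack tcpwin icmptype icmpcode info path
# Hyphens are replaced with underscores in the Nxlog field names (assumption).
<Extension csv>
    Module      xm_csv
    Fields      $date, $time, $action, $protocol, $src_ip, $dst_ip, \
                $src_port, $dst_port, $size, $tcpflags, $tcpsyn, $tcpack, \
                $tcpwin, $icmptype, $icmpcode, $info, $path
    # pfirewall.log is space separated, not comma separated
    Delimiter   ' '
    # Windows writes "-" for not-applicable columns (e.g. ports on ICMP);
    # treat those as undefined instead of the literal string "-"
    UndefValue  -
</Extension>

<Input winfirewall>
    Module      im_file
    # Default log location (assumption: logging enabled with default path)
    File        'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'
    SavePos     TRUE
    ReadFromLast TRUE
    <Exec>
        # Skip the #Version / #Software / #Time / #Fields header lines
        if $raw_event =~ /^#/ drop();
        else
        {
            csv->parse_csv();
            # Build a proper timestamp from the separate date and time columns
            $EventTime = parsedate($date + " " + $time);
            # Keep a short message so DROP events stand out in Graylog searches
            $Message = $action + " " + $protocol + " " + $src_ip + " -> " + \
                       $dst_ip + ":" + $dst_port;
        }
    </Exec>
</Input>
```

Output to Graylog (om_tcp with GELF) is left to the Sidecar-provided part of the config, as in the original setup.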