Parsing Windows Firewall Logs via Sidecar/Nxlog

Took some digging and help from a colleague to get this dialed in, so I thought I'd share it. I started pulling in Windows localhost Firewall logs and wanted to parse out the fields using Nxlog config rather than Input extractors on my Graylog hosts, pushing the workload to the client.

So I learned that the magic happens via the xm_csv module. On my Collector config -> Nxlog, I have what you see in the photo below.

Then on my Input I added the one-line Verbatim config and voila.

Exec csv->parse_csv();
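Since the screenshot of the collector config is not reproduced here, the following is an added example of a complete NXLog configuration of the kind Sidecar renders for this setup. It is not the poster's config: the field names mirror the "#Fields:" header that the Windows Firewall writes to pfirewall.log, but the log path, the Graylog host and port, and the sample log lines in the comments are assumptions to adapt. It also shows the two caveats a practitioner runs into with this approach, the header lines that begin with "#" (which would otherwise be parsed as bogus records) and the "-" placeholder the firewall writes for empty columns.

```nxlog
# Added example, not the poster's configuration. Log path, Graylog host/port
# and the sample lines below are assumptions.
#
# pfirewall.log is space-delimited and starts with header lines, e.g.
# (constructed sample):
#   #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
#   2024-05-01 09:13:07 DROP TCP 10.0.0.5 10.0.0.1 49152 445 52 S 123456 0 8192 - - - RECEIVE

<Extension gelf>
    Module      xm_gelf
</Extension>

# One field per column of the #Fields header, in the same order.
<Extension csv>
    Module      xm_csv
    Fields      $date, $time, $action, $protocol, $src_ip, $dst_ip, $src_port, $dst_port, $size, $tcpflags, $tcpsyn, $tcpack, $tcpwin, $icmptype, $icmpcode, $info, $path
    FieldTypes  string, string, string, string, string, string, integer, integer, integer, string, string, string, string, string, string, string, string
    Delimiter   ' '
    # The firewall writes "-" for empty columns; treat it as undefined rather
    # than indexing a literal "-" (which would also break the integer ports).
    UndefValue  '-'
</Extension>

<Input firewall>
    Module      im_file
    File        'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'
    # Drop the #Version / #Software / #Fields header lines before parsing.
    Exec        if $raw_event =~ /^#/ drop();
    # The one-line Verbatim entry from the post: split $raw_event into the fields above.
    Exec        csv->parse_csv();
    # The firewall logs local time as separate date and time columns; build
    # a real timestamp so Graylog does not fall back to the receive time.
    Exec        $EventTime = parsedate($date + " " + $time);
</Input>

<Output graylog>
    Module      om_tcp
    Host        graylog.example.internal
    Port        12201
    OutputType  GELF_TCP
</Output>

<Route firewall_to_graylog>
    Path        firewall => graylog
</Route>
```

Two things to check before expecting data: Windows Firewall logging is off by default, so the log only exists once it is enabled (for example "netsh advfirewall set allprofiles logging droppedconnections enable", and likewise "allowedconnections" if you want permits), and the field list must stay in the same order as the "#Fields:" header on the host, since xm_csv assigns names positionally and will silently put the wrong value in the wrong field if the two drift apart.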
