Question on Graylog and events from Windows AD controller

OS Information: Graylog running on Ubuntu 22.04 server
Package Version: 5.1

I have read several articles on using NXLog and Sysmon or Winlogbeat to capture Windows Event Viewer logs and send them to Graylog.
What I am NOT clear on is whether I can do this without installing anything on the DC itself, as the logs I want to pull are from the Domain Controller.
Can someone clear that up for me?

So normally you would have to install NXLog on the computer you are collecting the logs from. You could probably use Windows Event Forwarding to send the logs to another box and collect them with NXLog on that box, but it would be way more complex. You also would HAVE to have Sysmon running on the DC; I don't think there is a way around that if you want the extra Sysmon information.
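An added example (not from the original thread) of what the "collect on another box" setup looks like on the NXLog side: an nxlog.conf for a Windows Event Collector host that reads the ForwardedEvents channel, where Windows Event Forwarding lands the DC's events, and ships them to Graylog as GELF over TCP. It assumes the WEF subscription on the collector and the forwarding GPO on the DC are already in place, that Graylog has a GELF TCP input on port 12201, and that `GRAYLOG_HOST` is a placeholder for your server.

```apacheconf
# Constructed example for the WEF collector host, not the DC itself.
# Assumes: wecutil subscription already active on this host and the DC forwards
# its Security and Sysmon channels into "ForwardedEvents".
# GRAYLOG_HOST is a placeholder; 12201 is Graylog's default GELF TCP input port.
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension gelf>
    Module  xm_gelf
</Extension>

# Read only the ForwardedEvents channel. The XPath query keeps Security auditing
# and Sysmon events from the DC and drops anything else that may be forwarded.
<Input forwarded>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="ForwardedEvents">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing' or @Name='Microsoft-Windows-Sysmon']]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # im_msvistalog fills $Hostname from the event's own Computer field, so the
    # GELF "host" sent to Graylog is the DC's name, not the collector's.
</Input>

<Output graylog>
    Module      om_tcp
    Host        GRAYLOG_HOST
    Port        12201
    OutputType  GELF_TCP
</Output>

<Route dc_to_graylog>
    Path    forwarded => graylog
</Route>
```

In Graylog, verify that incoming messages carry the DC's hostname in the `source` field and that Event ID 4624/4625 and Sysmon Event ID 1 appear before relying on the pipeline for detections.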

Thanks for the info.
