Hi, in my environment I have a Dell EMC Unity File Server that generates audit logs as windows events: it creates an .evt file locally that can be viewed using “Connect to remote computer” function of windows event viewer.
Is there a way to forward these event logs to Graylog? I can not install nxlog agent on the file server because it it does not have a Windows operating system onboard; as far as I know windows events is the only audit log format for that File Server, so I was wondering if there is a way to use a real Windows Server as a “bridge”: Unity File Server forwards event logs to a Windows server, that forwards logs to graylog using nxlog agent. Do you think it is possible?
If you can forward the events from the UFS to a Windows server using WEF then yes, you should then be able to just use nxlog to ship the events into your Graylog instance from there,
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.