Hello @gsmith,
Thank you very much for this very fast reply.
So, let me try to explain better, I have a DLP solution that does not export all the security events through Syslog, So I was thinking in collect this data directly from the DB tables.
From the information I gathered from my research I have seen that this is not a usual task, so I’m very interested in all the approaches that I could get, like exporting the table information to a txt (just as an example) and using another application like beat/Nxlog as you have told me, to get the information and send to Graylog.
And answering your question, yes, it is an application that runs over a Windows OS and the database is an MSSQL instance.
The data that I want its things like the name of the endpoint, name of the user, date and time, name of the file, file operation, and so on, this event data is very rich to some behavior analysis and alerting that I want to try to use Graylog to process this information.
Thanks again for the help, and I will read the posts that you have indicated.