XML files from event viewer


#1

Quick question:

If I download my logs from the event viewer in an XML format, would I be able to feed it to Graylog and analyse the logs?


(Jochen) #2

If you wrote an importer or had a converter which converts that XML into a format understood by Graylog, that would work.

Graylog doesn’t support EVTX out of the box, but you might find some useful programs at https://www.forensicswiki.org/wiki/Windows_XML_Event_Log_(EVTX).

This being said, please share your findings so that other users with the same problem can profit from your experience.


#3

thanks for the swift response.
I am an intern and don’t know much about Graylog -

Are you saying that Graylog will be able to understand the XML files as long as these XML files are converted into another format that is understood by Graylog?

So if I convert the XML file to HTTP, would that be ok?


(Jochen) #4

Graylog doesn’t support ingesting XML documents out of the box.

You’ll have to convert them into a format supported by Graylog such as GELF:
http://docs.graylog.org/en/2.4/pages/gelf.html
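
The conversion Jochen describes, as an added example that is not from this thread or from the Graylog project: it reads a Windows Event Viewer XML export, turns each record into a GELF 1.1 message, and can ship the result to a Graylog GELF TCP input. Assumptions: the export wraps its records in an `<Events>` root (a single bare `<Event>` is handled too), the sample record is constructed for the example, the `_winlog_` prefix for additional fields is my own naming, and the GELF input is assumed to listen on 127.0.0.1:12201.

```python
import json
import re
import socket
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace of Windows Event Log XML (the real, fixed Microsoft namespace).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Windows <Level> (0 LogAlways, 1 Critical, 2 Error, 3 Warning, 4 Informational,
# 5 Verbose) -> syslog severity, which is what the GELF "level" field carries.
LEVEL_MAP = {0: 6, 1: 2, 2: 3, 3: 4, 4: 6, 5: 7}

# Constructed sample standing in for an Event Viewer XML export (assumed to use
# an <Events> root); one failed-logon record from the Security channel.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4625</EventID>
    <Level>0</Level>
    <TimeCreated SystemTime="2018-05-14T09:21:03.1234567Z"/>
    <EventRecordID>1234</EventRecordID>
    <Channel>Security</Channel>
    <Computer>WORKSTATION01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
</Events>
"""


def parse_system_time(value):
    """TimeCreated/@SystemTime ('...T09:21:03.1234567Z', 7 fractional digits) -> UNIX float."""
    base, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    micros = int((frac + "000000")[:6]) if frac else 0
    return dt.timestamp() + micros / 1_000_000


def _field_name(name):
    # GELF additional-field names must match ^[\w\.\-]*$ and start with '_'.
    return "_winlog_" + re.sub(r"[^\w.\-]", "_", name)


def event_to_gelf(event, default_host="unknown"):
    """Map one <Event> element to a GELF 1.1 message (a dict ready for json.dumps)."""
    system = event.find("e:System", NS)
    provider = system.find("e:Provider", NS)
    provider_name = provider.get("Name", "") if provider is not None else ""
    event_id = int(system.findtext("e:EventID", "0", NS))
    level = int(system.findtext("e:Level", "4", NS))
    time_created = system.find("e:TimeCreated", NS)
    msg = {
        "version": "1.1",
        "host": system.findtext("e:Computer", default_host, NS),
        "short_message": "%s EventID %d" % (provider_name, event_id),
        "full_message": ET.tostring(event, encoding="unicode"),
        "level": LEVEL_MAP.get(level, 6),
        "_winlog_event_id": event_id,
        "_winlog_channel": system.findtext("e:Channel", "", NS),
        "_winlog_record_id": int(system.findtext("e:EventRecordID", "0", NS)),
        "_winlog_provider": provider_name,
    }
    if time_created is not None and time_created.get("SystemTime"):
        msg["timestamp"] = parse_system_time(time_created.get("SystemTime"))
    # Flatten <EventData><Data Name="..."> into additional fields so Graylog can
    # search on them (e.g. failed logons by TargetUserName or IpAddress).
    for data in event.findall("e:EventData/e:Data", NS):
        if data.get("Name"):
            msg[_field_name(data.get("Name"))] = (data.text or "").strip()
    return msg


def xml_to_gelf(xml_text, default_host="unknown"):
    """Parse an export (an <Events> root or a single <Event>) into a list of GELF dicts."""
    # xml.etree does not resolve external entities, but for exports from hosts you
    # do not control, parsing with defusedxml is the safer choice.
    root = ET.fromstring(xml_text)
    events = [root] if root.tag == "{%s}Event" % NS["e"] else root.findall("e:Event", NS)
    return [event_to_gelf(ev, default_host) for ev in events]


def send_gelf_tcp(messages, host="127.0.0.1", port=12201):
    """Ship messages to a Graylog GELF TCP input; each GELF TCP frame ends with a NUL byte."""
    with socket.create_connection((host, port)) as sock:
        for msg in messages:
            sock.sendall(json.dumps(msg).encode("utf-8") + b"\x00")
    return len(messages)


if __name__ == "__main__":
    for gelf in xml_to_gelf(SAMPLE_XML):
        print(json.dumps(gelf, indent=2))
```

Run it against a real export with `xml_to_gelf(open("export.xml", encoding="utf-8").read())` and pass the result to `send_gelf_tcp` once a GELF TCP input exists in Graylog. Keeping the original record in `full_message` and the `EventData` values as separate `_winlog_*` fields means nothing from the export is lost while the fields analysts search on (user, logon type, source address, channel, event ID) stay queryable.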

