Pushing EVTX logs to Graylog
Tags:
#1
craig.gaspara
We recently enabled logging on CIFS share hosted on our Netapp. The audit logs that are generated are stored on a network share currently in EVTX format (XML logs are also an option). I have a windows server that has NXLog installed and can mount the network share where the EVTX files are located. What is the best module to use get these EVTX or XML files into our Graylog server on a regular basis?
#1
craig.gaspara
We recently enabled logging on CIFS share hosted on our Netapp. The audit logs that are generated are stored on a network share currently in EVTX format (XML logs are also an option). I have a windows server that has NXLog installed and can mount the network share where the EVTX files are located. What is the best module to use get these EVTX or XML files into our Graylog server on a regular basis?
The NXLog Enterprise Edition supports reading .evtx files directly via the File config directive.
