Read from multiple folders with multiple files with .evtx
Anbers
Hi all!
Actually i have this config in a server to get windows event and send to a graylog:
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _gelf>
#Module xm_syslog
Module xm_gelf
#Module xm_json
</Extension>
<Input in1>
Module im_msvistalog
# Uncomment the following to collect specific event logs only
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
<Exec>
if $Channel == 'Security' and $ObjectName =~ /.tmp/ drop();
</Exec>
</Input>
<Output out>
Module om_udp
Host 11x.11x.11x.11x
Port 12201
#Exec to_syslog_snare();
OutputType GELF
</Output>
<Route 1>
Path in1 => out
</Route>
But i want to know if exist any method to read a lot a .evtx files in a folder and send to graylog. I need help with this because i dont know what is the best "input modules" i need
Thanks!
