Windows .evt files to graylog
Tags:
#1
mathieurv
Has anyone succeed in sending .evt file content to graylog ?
Actually, I found that:
- Using im_file module I can parse .evt file and send its content outside, but logs are bad formatted
- Using im_vistalog module I can't parse .evt files only the Windows Event log, but logs are well formatted
Any advice someone ?
Maybe it is possible to send the ouput of im_file to im_vistalog ?
Thanks,
--
Mathieu
#1
mathieurv
Has anyone succeed in sending .evt file content to graylog ?
Actually, I found that:
- Using im_file module I can parse .evt file and send its content outside, but logs are bad formatted
- Using im_vistalog module I can't parse .evt files only the Windows Event log, but logs are well formatted
Any advice someone ?
Maybe it is possible to send the ouput of im_file to im_vistalog ?
Thanks,
--
Mathieu
.evt and .evtx files are in special binary format, collecting this with im_file will not work. The NXLog Enterprise Edition can read .evtx files directly with the im_msvistalog module.
