Pushing EVTX logs to Graylog

craig.gaspara

We recently enabled logging on a CIFS share hosted on our NetApp. The audit logs that are generated are stored on a network share, currently in EVTX format (XML logs are also an option). I have a Windows server that has NXLog installed and can mount the network share where the EVTX files are located. What is the best module to use to get these EVTX or XML files into our Graylog server on a regular basis?