Multiple Microsoft EVT files
Tags:
nxlog EE Edition
#1
Fravocado
Hello,
I've read a few posts about ingesting multiple .evt files using the im_msvista module. Is there a way to do this?
I can point to one, but I need to look at several.
Thank you! Franz
Hello,
Unfortunately you can only use one `File` directive. You could use the `include_stdout` directive to pull in your files as a script though.
Basically your script would need to build an `Input` instance for each file and output in a for loop, for instance.
https://nxlog.co/documentation/nxlog-user-guide/ref-config.html#config_general_include_stdout
`Write-Output` from PowerShell can do the task.
Something like the following maybe. Has not been tested.
```PowerShell
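# Collect every .evt file in the directory
$files = Get-ChildItem 'C:\test\' -Filter *.evt
foreach ($f in $files) {
    $fname = $f.FullName   # full path, used for the File directive
    $name  = $f.BaseName   # file name without extension, used as the instance name
    # Emit one complete Input block per file on stdout for include_stdout to read
    Write-Output "<Input $name>`n    Module im_msvistalog`n    File $fname`n</Input>"
}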
```
Please see the .cmd file in the DHCP Audit log section for how to embed a PowerShell script in CMD.
https://nxlog.co/documentation/nxlog-user-guide/windows-dhcp-server.html#collecting-dhcp-server-audit-logs
You will need to update your Route as well (or let the auto-built route handle it).
That should work for you.
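
A fuller version of the generator described in the answer above, as an added example that is not part of the original post: besides one `Input` block per file, it emits the `Route` the answer mentions and keeps instance names unique. The `out` output instance, the `evt_` prefix, the `evt_files` route name and the name-sanitising rule are assumptions, not taken from the thread.

```powershell
# Added example: prints NXLog configuration on stdout for include_stdout.
# Assumptions: an <Output out> instance is defined elsewhere in nxlog.conf;
# 'C:\test' is the directory used in the answer's script.
param(
    [string]$LogDir = 'C:\test',
    [string]$OutputInstance = 'out'
)

$seen = @{}        # instance names already emitted (keys are case-insensitive)
$instances = @()   # ordered list of names for the Route path

$files = Get-ChildItem -Path $LogDir -Filter *.evt -File | Sort-Object FullName
foreach ($f in $files) {
    # Conservative choice (assumption): letters, digits and underscore only,
    # so a file name with spaces or dots cannot break the <Input ...> tag.
    $base = 'evt_' + ($f.BaseName -replace '[^A-Za-z0-9_]', '_')

    # Two files can map to the same name after sanitising ("a b" and "a_b"),
    # and -Filter *.evt can also match a.evtx next to a.evt; add a suffix.
    $name = $base
    $n = 1
    while ($seen.ContainsKey($name)) { $n++; $name = "${base}_$n" }
    $seen[$name] = $true
    $instances += $name

    # Path is written unquoted, as in the answer's script.
    Write-Output "<Input $name>"
    Write-Output "    Module  im_msvistalog"
    Write-Output "    File    $($f.FullName)"
    Write-Output "</Input>"
}

# Emit a Route only when at least one Input exists, so an empty directory
# does not produce a Route with an empty path.
if ($instances.Count -gt 0) {
    Write-Output "<Route evt_files>"
    Write-Output ("    Path    {0} => {1}" -f ($instances -join ', '), $OutputInstance)
    Write-Output "</Route>"
}
```

Run the script by hand first and read its output before pointing `include_stdout` at it, since whatever it prints becomes part of the running configuration.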