Does anyone have experience of handling WEC messages from Windows clients
in (r)syslog infrastructure?
The standard way is to install some Windows syslog agent which forwards
Windows events to syslog infrastructure. What Windows syslog agent do you
use?
Might be interesting to see something like the imwec module.
https://docs.microsoft.com/en-us/windows/win32/wec/using-windows-event-collector
The same way the syslog-ng PE implemented it.
https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/7.0.17/windows-event-collector-administration-guide/log
They switched from developing a Windows syslog agent to a WEC input module for
the syslog-ng server, which I find the best way of handling this type of data
flow.
--
Peter
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.