topic Remote windows event log to linux splunk server in Getting Data In

Remote windows event log to linux splunk server

topscms — Thu, 15 Jul 2010 02:57:53 GMT

I require to monitor windows event logs on my linux splunk server. I realize that i will likely have to convert the windows event logs to syslog-type logging -- does splunk recommend a software package to do this?

I'd like to do whatever splunk recommends works best with their system.

Re: Remote windows event log to linux splunk server

Genti — Thu, 15 Jul 2010 03:09:05 GMT

i think the best thing will be installing splunk as a forwarder on the windows box that you are trying to monitor. Set the unix box as a receiver to accept connections from the windows forwarder. This way you can install the windows app in both forwarder and receiver and be able to do a whole lot more..

Re: Remote windows event log to linux splunk server

Looke0815 — Tue, 23 Aug 2011 19:33:05 GMT

You could use eventlog-to-syslog: http://code.google.com/p/eventlog-to-syslog