- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has anyone used syslog-ng PE as a winevent collection server?
Has anyone else used syslog-ng PE as a winevent collection server?
In my scenario, I need to send winevents to Splunk and another application (as raw data). Unfortunately sending winevents via universal forwarders > heavy forwarders (HF) > indexers (cooked) and ... HF > 3rd party app (uncooked) is dropping events.
I am posting a previous comment in this question as a reference.
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Author :gergely_bodnar
You have mentioned syslogNG for "windows" which is part of the syslog-ng commercial offering (syslog-ng PE)
With syslog-ng PE there are two options for collecting windows logs,
- the Agent for Windows can gather locally then forward to remote syslog-ng server
- syslog-ng PE is capable to collect Windows events remotely utilising the Windows Event Collector framework.
With both solution you can feed splunk directly with syslog-ng without need any UF on the syslog side. You can use the HTTP destination to feed Splunk. Even more a dedicated Splunk destination will arrive in syslog-ng in this year supporting log batching and load balancing.
