I have a Windows Server 2008 without AD. I would like to forward wineventlogs from Windows Server 2008 to a Heavy Forwarder running on Linux. I have tried:
1. Native WEF
None of these are working since they all require a domain subscription and I don't have AD. I have written a PowerShell script to export wineventlogs but don't know how to forward these logs to the HF running on RHEL. Kindly let me know how to proceed.
Thanks in Advance
Let me understand:
If you can install a Universal Forwarder on that server, you should install the Splunk_TA_Windows (https://splunkbase.splunk.com/app/742/) on it and (enabling the wineventlog inputs) you can have all the wineventlogs you need.
If you must follow an agentless approach, you should use another Windows server to enable WMI log extraction.
I don't like WMI because it needs a domain user with level grants; my hint is to try to use the Universal Forwarder, but if that isn't possible, another solution is to use WMI.
Windows doesn't natively send syslog; you should try to execute a PowerShell script on another Windows system where you can install the Splunk Universal Forwarder, but it's a real workaround!
My hint is to try to explain to your customers why to use a Universal Forwarder and its advantages:
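A minimal set of .conf stanzas for the Universal Forwarder route described in the answer above, added here as an illustration and not part of the original thread; the hostname hf.example.internal and port 9997 are assumed values for the RHEL heavy forwarder.

```ini
# --- On the Windows Server 2008 host (Universal Forwarder) ---
# $SPLUNK_HOME\etc\apps\Splunk_TA_windows\local\inputs.conf
# (Splunk_TA_windows is the on-disk app directory name; the TA ships these
#  stanzas disabled in default/inputs.conf, so local/ overrides them)
[WinEventLog://Application]
disabled = 0

[WinEventLog://Security]
disabled = 0

[WinEventLog://System]
disabled = 0

# $SPLUNK_HOME\etc\system\local\outputs.conf
# hf.example.internal:9997 is an assumed address for the Linux heavy forwarder
[tcpout]
defaultGroup = hf_group

[tcpout:hf_group]
server = hf.example.internal:9997

# --- On the RHEL heavy forwarder ---
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Receive the forwarder's data on the same port named in outputs.conf above.
# Install Splunk_TA_windows on the HF as well so its props/transforms apply
# when the HF parses the events.
[splunktcp://9997]
disabled = 0
```

Restart the Universal Forwarder and the heavy forwarder after placing these files, and allow TCP 9997 from the Windows host to the HF on any firewall in between.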