Hi There,
I have a Windows Server 2008 machine without AD. I would like to forward Windows event logs from Windows Server 2008 to a heavy forwarder running on Linux. I have tried:
1. Native WEF
2. Syslog-ng
3. NXLog
None of them work, since they all require a domain subscription and I don't have AD. I have written a PowerShell script to export the Windows event logs but don't know how to forward these logs to the HF running on RHEL. Kindly let me know how to proceed.
Thanks in Advance
Hi @Aleena,
let me understand:
If you can install a Universal Forwarder on that server, you should install the Splunk_TA_Windows (https://splunkbase.splunk.com/app/742/) on it and, by enabling the wineventlog inputs, you can have all the Windows event logs you need.
Ciao.
Giuseppe
Hi @gcusello
Thanks for your prompt response. I am not able to install any agent on my Windows server. I already tried installing the UF, but it keeps failing. I want an agentless approach.
Thankyou,
Hi @Aleena,
if you must follow an agentless approach, you should use another Windows server to enable WMI log extraction.
For more info, see https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/ConsiderationsfordecidinghowtomonitorW...
I don't like WMI because it needs a domain user with high-level grants; my hint is to try to use the Universal Forwarder, but if that isn't possible, another solution is to use WMI.
Ciao.
Giuseppe
Hi @gcusello
WMI involves a domain user account and I don't have AD or a domain controller, so I cannot use it.
Thankyou
Hi @Aleena,
Windows doesn't natively send syslog; you should try to execute a PowerShell script on another Windows system where you can install the Splunk Universal Forwarder, but it's a real workaround!
My hint is to try to explain to your customers why they should use a Universal Forwarder, and its advantages.
Ciao.
Giuseppe
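The missing piece in the original question (a PowerShell export exists, but no way to get it to the HF on RHEL) and the script-based route suggested in the last reply can be joined without an agent or a domain: let the script itself open a TCP connection to a raw TCP input on the heavy forwarder. The script below is an added example and is not code from this thread or from Splunk. It assumes a hypothetical HF at hf.example.internal listening on port 5140 (an inputs.conf stanza such as `[tcp://5140]` on the HF, with a sourcetype of your choice), assumed log names and state-file path, and it avoids ConvertTo-Json so it runs on the PowerShell 2.0 that Windows Server 2008 ships with. Each event is rendered as one key="value" line so the HF's line-oriented input can split events and auto-extract fields.

```powershell
# Added example, not from the thread: export Windows event logs with Get-WinEvent
# and push them to a Splunk heavy forwarder over a raw TCP input, with a RecordId
# checkpoint so repeated runs (e.g. from a scheduled task) do not resend old events.
# Host, port, log names and state-file path are assumptions / placeholders.

$HfHost    = 'hf.example.internal'        # assumed HF address
$HfPort    = 5140                         # assumed [tcp://5140] input on the HF
$LogNames  = @('Security', 'System', 'Application')
$StateFile = Join-Path $env:ProgramData 'winevt-forward.state'  # "LogName=RecordId" lines
$BatchSize = 500                          # events sent per TCP connection

# Load the last forwarded RecordId per log so a rerun resumes where it stopped.
function Get-Checkpoints {
    $state = @{}
    if (Test-Path $StateFile) {
        foreach ($line in Get-Content $StateFile) {
            $parts = $line.Split('=', 2)
            if ($parts.Count -eq 2) { $state[$parts[0]] = [long]$parts[1] }
        }
    }
    return $state
}

function Save-Checkpoints($state) {
    $state.Keys | ForEach-Object { "$_=$($state[$_])" } | Set-Content $StateFile
}

# Escape a value for key="value": no raw newlines, backslashes or quotes, so one
# event always stays on exactly one line for the line-oriented TCP input.
function ConvertTo-KvValue([string]$value) {
    $value = $value -replace "`r?`n", ' '
    $value = $value -replace '\\', '\\'     # regex \\ is one backslash; doubled on output
    $value = $value -replace '"', '\"'
    return $value
}

# Render one EventLogRecord as a single key=value line (Splunk auto-extracts these).
function ConvertTo-SplunkLine($event) {
    $fields = @(
        ('TimeCreated="{0}"' -f $event.TimeCreated.ToUniversalTime().ToString('o')),
        ('Computer="{0}"'    -f (ConvertTo-KvValue $event.MachineName)),
        ('LogName="{0}"'     -f (ConvertTo-KvValue $event.LogName)),
        ('RecordId={0}'      -f $event.RecordId),
        ('EventID={0}'       -f $event.Id),
        ('Level="{0}"'       -f (ConvertTo-KvValue $event.LevelDisplayName)),
        ('Provider="{0}"'    -f (ConvertTo-KvValue $event.ProviderName)),
        ('Message="{0}"'     -f (ConvertTo-KvValue ([string]$event.Message)))
    )
    return ($fields -join ' ')
}

# One TCP connection per batch. This is plaintext: keep it on a trusted segment,
# or terminate TLS on the HF / a tunnel before it crosses anything untrusted.
function Send-Batch([string[]]$lines) {
    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($HfHost, $HfPort)
    $utf8NoBom = New-Object System.Text.UTF8Encoding($false)   # no BOM bytes at stream start
    $writer = New-Object System.IO.StreamWriter($client.GetStream(), $utf8NoBom)
    $writer.NewLine = "`n"
    try {
        foreach ($line in $lines) { $writer.WriteLine($line) }
        $writer.Flush()
    } finally {
        $writer.Close()
        $client.Close()
    }
}

$checkpoints = Get-Checkpoints
foreach ($log in $LogNames) {
    $last = 0
    if ($checkpoints.ContainsKey($log)) { $last = $checkpoints[$log] }
    do {
        # XPath on EventRecordID selects only events newer than the checkpoint;
        # -Oldest returns them ascending so the checkpoint can advance per batch.
        $events = @(Get-WinEvent -LogName $log -Oldest -MaxEvents $BatchSize `
                     -FilterXPath "*[System[EventRecordID > $last]]" `
                     -ErrorAction SilentlyContinue)
        if ($events.Count -eq 0) { break }
        $lines = @($events | ForEach-Object { ConvertTo-SplunkLine $_ })
        Send-Batch $lines
        # Checkpoint is written after a successful send: at-least-once delivery,
        # duplicates only if the process dies between Send-Batch and Save-Checkpoints.
        $last = [long]$events[$events.Count - 1].RecordId
        $checkpoints[$log] = $last
        Save-Checkpoints $checkpoints
        Write-Host ("{0}: sent {1} events, checkpoint now {2}" -f $log, $lines.Count, $last)
    } while ($events.Count -eq $BatchSize)
}
```

Run it as a scheduled task (schtasks /sc minute /mo 5) under an account that is a local administrator or in the local Event Log Readers group, otherwise the Security log returns access denied, which -ErrorAction SilentlyContinue would hide; drop that switch while testing. On the HF side, restrict the raw input to this server's address with acceptFrom in the tcp stanza, and remember that -FilterXPath with -MaxEvents returns nothing rather than an error when the checkpoint is already current, which is what the empty-array check relies on.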