Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Export Windows Event LOG

robertocapizzo9
Loves-to-Learn
‎03-16-2021 12:29 PM

Hi,
I need to import the security and application logs of many windows servers to splunk, but for security reasons I cannot install a splunk universal forwarder instance, I read on the splunk documentation that it is not recommended to use wmi to import the logs .. .
What do you recommend?

thanks!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-16-2021 12:43 PM

Start by telling your Security people that you'll be using Splunk to monitor WinEventLog:Security, which will *enhance* the security of those servers.  They probably won't care, but at least then you'll know what hypocrites they are.

Another possibility is to forward the Windows events to another server that can run a UF.  See https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-... for more about event forwarding.

Still another possibility that I've never seen done is to forward the Windows events in HTTP protocol directly to a HEC input.  See the same link above.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...