Does anyone have experience of handling WEC messages from Windows clients in (r)syslog infrastructure? The standard way is to install some Windows syslog agent which forwards Windows events to syslog infrastructure. What Windows syslog agent do you use?
Might be interesting to see something like the imwec module.
https://docs.microsoft.com/en-us/windows/win32/wec/using-windows-event-collector

The same way the syslog-ng PE implemented it.
https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/7.0.17/windows-event-collector-administration-guide/log

They switched from developing a Windows syslog agent to a WEC input module for the syslog-ng server, which I find the best way of handling this type of data flow.

--
Peter

