Understand. It is one of our candidates.
Just discovered one of your latest posts regarding Windows Events forwarding. :-)
https://rainer.gerhards.net/2019/10/rsyslog-integrating-windows-event-log-via-udp.html

Still interesting whether some other users have experience with other software.

--
Peter

On Mon, Aug 24, 2020 at 4:47 PM Rainer Gerhards <[email protected]> wrote:

> For obvious reasons, I recommend the rsyslog Windows Agent ;-)
>
> https://www.rsyslog.com/windows-agent/
>
> Rainer
>
> On Mon, 24 Aug 2020 at 16:17, Peter Viskup via rsyslog
> (<[email protected]>) wrote:
> >
> > Does anyone have experience of handling WEC messages from Windows clients
> > in (r)syslog infrastructure?
> > The standard way is to install some Windows syslog agent which forwards
> > Windows events to syslog infrastructure. What Windows syslog agent do you
> > use?
> >
> > Might be interesting to see something like the imwec module.
> > https://docs.microsoft.com/en-us/windows/win32/wec/using-windows-event-collector
> > The same way the syslog-ng PE implemented it.
> > https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/7.0.17/windows-event-collector-administration-guide/log
> > They switch from developing Windows Syslog agent to WEC input module for
> > syslog-ng server which I find the best way of handling this type of data
> > flow.
> >
> > --
> > Peter
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.

