Octopussy-Project / Octopussy

Octopussy - Open Source Log Management Solution
https://octopussy.pm
GNU General Public License v3.0

windows 2012 #632

Open davo1234 opened 9 years ago

davo1234 commented 9 years ago

Hi all, I'm trying to figure out a method to pull Windows Server 2012 event logs into Syslog format (for Octopussy), has anyone figured this out? I can only get Snare to do 2003 & 2008 logs.

If there isn't a method then I guess this is a feature request :) Windows Server is a very popular operating system that has a near-total lack of standardisation; Octopussy fills one of these gaps nicely! Suddenly I can get all my firewall, application, DHCP (yep, Winders DHCP, which is incompatible with Winders Event Log) and all other logs in one spot.

Dave

sebthebert commented 9 years ago

Hi,

Yes, you're right... Unfortunately, the OpenSource version of Snare doesn't support Windows 2012! :(

After some googling, it seems that 'Datagram SyslogAgent' could be used for Windows 2012.

I'm interested in your feedback about this Windows agent.

eeskam commented 3 years ago

I know this is old, but FluentD also seems to have a Windows plugin that will read the logs and then a syslog plugin to output them to syslog (which Octopussy could then ingest).

https://github.com/fluent/fluent-plugin-windows-eventlog
https://github.com/dlackty/fluent-plugin-remote_syslog
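The pipeline described in the comment above, written out as a fluentd configuration. This is an added example, not configuration from the thread or from the Octopussy project; it assumes fluentd (td-agent) on the Windows 2012 host with the two plugins linked above installed, and `OCTOPUSSY_HOST` and the position-file path are placeholders to replace.

```conf
# Added example (not from the thread). Assumes fluentd/td-agent on the
# Windows 2012 host with fluent-plugin-windows-eventlog and
# fluent-plugin-remote_syslog installed. OCTOPUSSY_HOST is a placeholder.

# Read the Application, System and Security channels. The <storage> block
# persists the last-read record so a restart neither replays nor skips
# events; without it, a gap in the Security log would go unnoticed.
<source>
  @type windows_eventlog2
  @id windows_eventlog
  channels application,system,security
  read_existing_events false
  read_interval 2
  tag winevt.raw
  <storage>
    @type local
    persistent true
    path C:\opt\td-agent\winevt.pos
  </storage>
</source>

# Forward every winevt.* record to Octopussy as syslog. TCP is used rather
# than UDP so that events are not silently dropped on the wire; the event's
# Description field becomes the syslog message body.
<match winevt.**>
  @type remote_syslog
  host OCTOPUSSY_HOST
  port 514
  protocol tcp
  program windows_eventlog
  severity info
  <format>
    @type single_value
    message_key Description
  </format>
</match>
```

Octopussy then sees one syslog line per Windows event, tagged with the program name `windows_eventlog`, which is what its service and message-pattern matching keys on.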