Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
NOTE:
Add an app_config option to parse out the Sysmon EventData field and append it to the end of the Key_Value config, after the EVENTData field, as its own string.
HOW:
This should be done before the string replaces. Add a field to the EventLog_Entry class as "Sysmon_EventData_Parsed" = ""; when the entry is retrieved for log output, check whether the Settings class has the option set to true: if not, nothing is returned; if so, parse the EventData field for it in the EventLog_Entry class.
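An added example, not SWELF's own code, of the parsing step the note above describes: it flattens a Sysmon EventData block into a single key=value string and returns an empty string when the option is off. The class name, the ForLogOutput wiring and the sample event fragment are assumptions, not taken from the project.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
// Added example (not SWELF code): flatten a Sysmon EventData block into one
// "Name=Value,..." string, the value the note proposes storing in a
// hypothetical Sysmon_EventData_Parsed field before string replaces run.
public static class SysmonEventDataParser
{
    // Parses <EventData> into ordered name/value pairs. Matches on LocalName so
    // it works with or without the Windows event XML namespace.
    public static List<KeyValuePair<string, string>> Parse(string eventXml)
    {
        var pairs = new List<KeyValuePair<string, string>>();
        XElement root = XElement.Parse(eventXml);
        XElement eventData = root.Name.LocalName == "EventData"
            ? root
            : root.Descendants().FirstOrDefault(e => e.Name.LocalName == "EventData");
        if (eventData == null) return pairs; // no EventData: nothing to add
        foreach (XElement d in eventData.Elements().Where(e => e.Name.LocalName == "Data"))
        {
            string name = (string)d.Attribute("Name") ?? "Data";
            // Sysmon writes "-" for an empty field; emit it as an empty value.
            string value = d.Value == "-" ? string.Empty : d.Value.Trim();
            pairs.Add(new KeyValuePair<string, string>(name, value));
        }
        return pairs;
    }
    // Joins pairs as key=value; a separator inside a value is escaped so a
    // downstream split on ',' keeps field boundaries intact.
    public static string ToKeyValueString(IEnumerable<KeyValuePair<string, string>> pairs, char sep = ',')
        => string.Join(sep.ToString(), pairs.Select(kv =>
            kv.Key + "=" + kv.Value.Replace(sep.ToString(), "\\" + sep)));
    // Mirrors the note: "" when the app_config option is off, else the parsed
    // string. Settings/EventLog_Entry wiring is assumed, not SWELF's own.
    public static string ForLogOutput(bool optionEnabled, string eventXml)
        => optionEnabled ? ToKeyValueString(Parse(eventXml)) : string.Empty;
    public static void Main()
    {
        // Constructed sample fragment, not a captured event.
        const string sample = @"<EventData>
  <Data Name=""RuleName"">-</Data>
  <Data Name=""ProcessId"">4321</Data>
  <Data Name=""Image"">C:\Windows\System32\cmd.exe</Data>
  <Data Name=""CommandLine"">cmd.exe /c echo a,b</Data>
</EventData>";
        Console.WriteLine(ForLogOutput(true, sample));
    }
}
```

Because the same value is later subject to the string replaces, run this parse first so the escaping above is applied to the raw Sysmon values rather than to already-rewritten text.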
TODO: