Open canob opened 1 year ago
No news about this? After almost a year, I still think that collecting Windows logs remotely can be a differentiator against other collector options, a feature that not many have.
Every once in a while I cry in this post because they haven't added this functionality. :'(
The only open source log collector on the market that can collect Windows logs remotely is Fluentd, with the in_windows_eventlog2 plugin, which uses https://github.com/fluent-plugins-nursery/winevt_c.
But sometimes Fluentd is not a lightweight option, and even though Fluent Bit is a lightweight option, installing and managing it (changing config, updating) on every Windows endpoint is not the best alternative, compared to installing it on only one server and collecting all the needed logs from Windows remotely from one place.
The way that Fluentd implemented this is really simple:
I know that for Windows you have options like Windows Event Collection (WEC) / Windows Event Forwarding (WEF), but I think it is better to control everything related to log collection with Fluent Bit directly.
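For reference, this is the kind of Fluentd configuration the post is comparing against: an added example, not taken from the issue, the Fluent Bit project, or the Fluentd plugin's own docs. It assumes the in_windows_eventlog2 plugin's `remote_server`, `remote_domain`, `remote_username` and `remote_password` parameters as I recall them from the plugin README (verify against the version you install); the host name, account and channel list are placeholders. The collector runs on one server and subscribes to the Security and System channels of a remote host, which is exactly the "install it in one place" model the post asks Fluent Bit to support.

```conf
# Added example (not part of the original issue): one Fluentd collector
# pulling Windows Event Log channels from a remote host via winevt_c.
# Parameter names assumed from the fluent-plugin-windows-eventlog README.
<source>
  @type windows_eventlog2
  @id   remote_winevt_srv01

  # Channels to subscribe to on the remote host. Keep this list narrow;
  # Security alone is high-volume on a domain controller.
  channels security,system

  # Do not replay the whole backlog on first start; persist the bookmark
  # so a restart resumes where it left off instead of re-reading events.
  read_existing_events false
  read_interval 2
  <storage>
    @type local
    persistent true
    path /var/lib/fluentd/winevt_srv01_bookmark.json   # placeholder path
  </storage>

  # Remote session (assumed parameter names). Use a dedicated, read-only
  # account that is a member of "Event Log Readers" on the target, and
  # inject the password from the environment rather than committing it.
  remote_server   SRV01.example.local        # placeholder host
  remote_domain   EXAMPLE                    # placeholder domain
  remote_username winevt-reader              # placeholder least-privilege account
  remote_password "#{ENV['WINEVT_READER_PASSWORD']}"

  # Render each event as a hash with the description parsed into fields,
  # so EventID, TargetUserName etc. are queryable downstream.
  render_as_xml false
  parse_description true
  rate_limit 500

  tag winevt.srv01
</source>

# Route everything from that host to stdout here; in practice this would be
# a forward/elasticsearch/opensearch output.
<match winevt.**>
  @type stdout
</match>
```

Two points worth checking before running this against a real host: the remote session needs the Remote Event Log Management firewall rule open on the target and RPC reachable from the collector, and the reader account should have no rights beyond the Event Log Readers group, because its credentials now live on the collector box.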