Collect Windows Event Log
I have configured a Windows Unified Smart connector and the connector is collecting logs that are getting generated on the server's Event Viewer (Windows Domain Controller).
I would like to collect the logs from before the installation of the SmartConnector; is this possible? I have the evtx files (Security.evtx in my case) of events prior to the installation of the connector available.
I followed this link:
but with LogParser 2.2 the logs did not appear correctly and it added unwanted strings to the output file.
If I exported the logs from the evtx viewer in txt format, would there be a SmartConnector that performs the parsing (or, in any case, collects them correctly)?
If I understand correctly, you need logs from the beginning of logging on the host?
You may try the Advanced Configuration Parameter startatend=false.
See the WUC documentation, pages 36-37.
I have a windows domain controller from which I want to collect the logs (Security Log).
I installed the connector today (November 30, 2018), but I would like to import (collect) the logs (for example) of 1 October 2018 (of which I have the backup file Security.evtx). How can I get backup logs to the connector?
Have you tried the solution mentioned in this link:
It seemed to work for the guy who asked a similar question.
Furthermore, in your delimited parser (fairly simple) you should map the EVTX fields to the same fields as parsed by the WINC/WUC connector.
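As an added illustration of the delimited-file route suggested in the last reply (this is example code written for this page, not a script from the thread or from ArcSight): the PowerShell below reads a backed-up Security.evtx with Get-WinEvent, filters it to a date range, and writes one flattened row per event to a CSV. The file paths, the date range and the CSV column names are assumptions; the column names are only placeholders for whatever your delimited parser maps onto the connector's fields.

```powershell
# Added example, not from the thread or from ArcSight.
# Export a backed-up Security.evtx to a delimited file that a simple
# delimited-file parser can ingest. Paths, dates and column names are assumed.

param(
    [string]   $EvtxPath = 'C:\Backup\Security.evtx',          # assumed backup location
    [string]   $OutCsv   = 'C:\Backup\Security-2018-10.csv',   # assumed output location
    [datetime] $Start    = '2018-10-01',                       # assumed range start
    [datetime] $End      = '2018-11-01'                        # assumed range end (exclusive)
)

# Using Path in the filter hashtable makes Get-WinEvent read the saved .evtx
# file rather than the live Security log on this machine.
$events = Get-WinEvent -FilterHashtable @{
    Path      = $EvtxPath
    StartTime = $Start
    EndTime   = $End
} -ErrorAction Stop

# Column names below are placeholders: map them to the fields your
# WINC/WUC-based parser expects. Timestamps are normalised to UTC so the
# connector does not have to guess the DC's local time zone, and the
# multi-line Message is collapsed so each event stays on one CSV line.
$events |
    Select-Object `
        @{ n = 'TimeCreatedUtc'; e = { $_.TimeCreated.ToUniversalTime().ToString('yyyy-MM-dd HH:mm:ss') } },
        @{ n = 'EventID';        e = { $_.Id } },
        @{ n = 'Level';          e = { $_.LevelDisplayName } },
        @{ n = 'Provider';       e = { $_.ProviderName } },
        @{ n = 'Computer';       e = { $_.MachineName } },
        @{ n = 'RecordId';       e = { $_.RecordId } },
        @{ n = 'Message';        e = { ($_.Message -replace '[\r\n]+', ' ').Trim() } } |
    Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8

Write-Host ("Exported {0} events from {1} to {2}" -f @($events).Count, $EvtxPath, $OutCsv)
```

Two practical caveats: Get-WinEvent resolves the Message text from the event provider's message resources on the machine where the script runs, so run it on the domain controller (or a host with the same providers installed) or the Message column may come back empty; and because the backed-up events carry their original timestamps, the delimited parser must be told the timestamp format and that the value is UTC, otherwise the connector will stamp the events with the time of ingestion rather than the time they occurred.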