onetime load of windows event file

billy_strath · Post by **billy_strath** » Tue Dec 03, 2019 8:32 am

What is the best way to upload a windows archived event file, one time (ie I have a copy of security.evtx from a machine and I want to upload it to analyse it better? Is that using NXLog and pointing to the file or using shipper.py?

Post by **cdienger** » Tue Dec 03, 2019 4:53 pm

Nxlog only seems to support uploading evtx files if you're using the Enterprise edition:

https://nxlog.co/products/additional-fe ... se-edition

It can still be used to upload the file if you're able to save the logs in a text format - csv for example. This method and using shipper would require some custom filters on the NLS side of things to make sure things were parsed correctly. I can look into this and get back to you as I think others would find it useful as well. If you're inclined to delve into this a bit more on your end, I suspect both https://assets.nagios.com/downloads/nag ... ilters.pdf and https://assets.nagios.com/downloads/nag ... -Files.pdf will be handy in setting this up.

billy_strath · Post by **billy_strath** » Wed Dec 04, 2019 9:54 am

thanks. If I save as CSV I don't get all the rich info in the details of the event, so I think I have to look at the enterprise version of nxlog. Bit of a shame.

scottwilkerson · Post by **scottwilkerson** » Wed Dec 04, 2019 10:07 am

If this is a one-off, you can request a trial of the EE of NXLog that may be long enough for you to get this ingested
https://nxlog.co/products/nxlog-enterprise-edition

Nagios Support Forum

onetime load of windows event file

onetime load of windows event file

Re: onetime load of windows event file

Re: onetime load of windows event file

Re: onetime load of windows event file