
Fluentd plugin to collect windows event logs

Results 26 fluent-plugin-windows-eventlog issues

We noticed our Elastic couldn't parse some logs coming from the Powershell channel, and after some investigation and getting the clean json log directly from `windows_eventlog2` and file output we...

in_windows_eventlog2(new)

The `from_encoding` parameter was removed from the `in_windows_eventlog2` plugin in commit cddc2f42a771b0b2a1c834681346a429c0464f86. However, this parameter is still present in the README. When using this parameter in a fluentd config,...

A related issue can be found here: https://github.com/fluent/fluent-plugin-windows-eventlog/issues/57 Hopefully this provides more detail and how to reproduce the issue. **Fluentd version 1.16.1** **Describe the bug** If the position file is...

Hello, I'm running fluentd (`1.10.2`) using td-agent (`3.7.1`) on Windows 2016. My FluentD config looks like: ``` flush_interval 1s host xxx port 12345 protocol udp @type gelf @type record_transformer message...

in_windows_eventlog2(new)

### Describe the bug

If the position file is opened by another process, such as an antivirus utility, then the temporary files generated during that time are abandoned and continue...

**Is your feature request related to a problem? Please describe.** FluentD can run within a container on Windows. But when running in this mode, this plugin cannot get the underlying...

enhancement
in_windows_eventlog2(new)

I think `parse_description true` is broken. My config: ``` @type windows_eventlog2 @id windows_eventlog2 channels Windows PowerShell,Microsoft-Windows-Sysmon/Operational,Security tag winevt.raw render_as_xml true parse_description true read_existing_events false @type local persistent true path C:\opt\td-agent\winlog.json...

I looked in the code and it does not appear that this plugin handles the BufferOverflowException like "in_tail" does. What is the behavior if this occurs? What is the recommended...

Hi. When parse_description is false, eventdata will be added to the message, but only the values. Example: `"EventData":["2478079","2023-02-03","200","Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/109.0.0.0+Safari/537.36+Edg/109.0.1518.78"]}` But in XML: `` `2478079` `2023-02-07 ` `200` `Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/109.0.0.0+Safari/537.36` `` Is it possible to...

enhancement

parse_description does not parse the sysmon description::key, because the delimiter over there is specified by `\r\n`. Is it possible to have support for sysmon in parse_description?