#fleet
Mystery Incorporated

06/24/2021, 11:09 AM
@Silvano Ngacha I'm currently pulling the Security log, so perhaps I can help you do the same with the Application log?

Silvano Ngacha

06/24/2021, 1:50 PM
I will greatly appreciate your assistance. We can start with the security logs before moving to other logs.
Mystery Incorporated

06/24/2021, 4:25 PM
@Silvano Ngacha OK, so I'm using the publisher/subscriber built into osquery specifically to read the Windows Event logs. So it's not reading custom application logs. Are you wanting to read Windows Event logs or other ones? I don't know about other ones.

Silvano Ngacha

06/28/2021, 6:10 AM
@Mystery Incorporated Thanks. Unfortunately, we are reading Linux logs.

Mystery Incorporated

06/28/2021, 6:21 AM
@Silvano Ngacha You might want to think about a log shipper like Filebeat in that case. I used to use Filebeat to ship osquery logs until just now; I've started using Fleet instead for the osquery logs. But osquery isn't really a log shipper, I believe.

Silvano Ngacha

06/28/2021, 6:42 AM
@Mystery Incorporated I am using Logstash to ship logs to Elasticsearch. My challenge is how to access application-specific logs.