<@U024YPBKMC5> I'm currently pulling Security log ...
# fleet
m
@Silvano Ngacha I'm currently pulling the Security log, so perhaps I can help you do the same with the Application log?
s
I will greatly appreciate your assistance. We can start with the security logs before moving to other logs.
m
@Silvano Ngacha OK, so I'm using the publisher/subscriber built into osquery specifically to read the Windows Event logs. So it's not reading custom application logs. Are you wanting to read Windows event logs or other ones? I don't know about other ones.
s
@Mystery Incorporated Thanks. Unfortunately, we are reading Linux logs.
m
@Silvano Ngacha You might want to think about a log shipper like Filebeat in that case. I used to use Filebeat to ship osquery logs until just now; I've started using Fleet instead for the osquery logs. But osquery isn't really a log shipper, I believe.
s
@Mystery Incorporated I am using Logstash to ship logs to Elasticsearch. My challenge is how to access application-specific logs.