@Silvano Ngacha I'm currently pulling Security log so perhaps I can help you do the same with Application log?
Silvano Ngacha
06/24/2021, 1:50 PM
I will greatly appreciate your assistance.
We can start with the security logs before moving to other logs.
Mystery Incorporated
06/24/2021, 4:25 PM
@Silvano Ngacha Ok, so I'm using the publisher/subscriber built into osquery specifically to read the Windows Event logs. So it's not reading custom application logs. Are you wanting to read Windows Event logs or other ones? I don't know about other ones.
Silvano Ngacha
06/28/2021, 6:10 AM
@Mystery Incorporated Thanks. Unfortunately, we are reading Linux logs.
Mystery Incorporated
06/28/2021, 6:21 AM
@Silvano Ngacha You might want to think about a log shipper like Filebeat in that case. I used to use Filebeat to ship osquery logs, until just now, when I started using Fleet instead for the osquery logs. But osquery isn't really a log shipper, I believe.
Silvano Ngacha
06/28/2021, 6:42 AM
@Mystery Incorporated I am using Logstash to ship logs to Elasticsearch. My challenge is how to access application-specific logs.