Windows Event Log support #3887
Testing the new logger plugin
Things to keep in mind
Any feedback is really appreciated!
As @theopolis mentioned, I think the last big component we'd need for this is to get more of the rendered files contained under the tools directory. How about making a new folder under wel, and putting the manifest and rendered .bin files there, and then rename windows_event_log_manifest to be just windows_event_log and keep just implementation details and files in this directory to stay consistent with the other logger plugins.
I've moved the files in the tools/wel directory, but I still have an issue; the absolute path of the osquery executable must be written inside the manifest (see line 5 in tools/wel/osquery.man) before we compile everything.
Right now, I'm using the installation path for the chocolatey package, but it will not work with the MSI if it is being installed elsewhere.
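
An added example, not part of the original thread or the osquery code base: a build-time step that writes the executable's absolute path into a manifest before it is compiled, so the path is a parameter rather than a fixed Chocolatey location. It assumes the path lives in the provider's `resourceFileName` and `messageFileName` attributes (the standard instrumentation-manifest attributes; the thread does not show line 5 of osquery.man), and `render_manifest` and the sample manifest are hypothetical.

```python
import re
from pathlib import PureWindowsPath
from xml.sax.saxutils import escape

# Constructed sample manifest (not the real tools/wel/osquery.man).
SAMPLE_MANIFEST = r'''<?xml version="1.0"?>
<instrumentationManifest
    xmlns="http://schemas.microsoft.com/win/2004/08/events"
    xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events">
  <instrumentation>
    <events>
      <provider name="osquery"
                guid="{00000000-0000-0000-0000-000000000000}"
                symbol="OsqueryProvider"
                resourceFileName="C:\placeholder\osqueryd.exe"
                messageFileName="C:\placeholder\osqueryd.exe">
      </provider>
    </events>
  </instrumentation>
</instrumentationManifest>
'''

# Text-level substitution keeps namespace declarations and prefixed
# attribute values (e.g. "win:...") exactly as written in the file.
_PATH_ATTR = re.compile(r'\b(resourceFileName|messageFileName)\s*=\s*"[^"]*"')


def render_manifest(manifest_text, exe_path):
    """Return manifest_text with both path attributes set to exe_path."""
    path = PureWindowsPath(exe_path)
    if not path.is_absolute():
        raise ValueError("executable path must be absolute: %r" % exe_path)
    if any(ch in exe_path for ch in '"<>'):
        raise ValueError("illegal character in path: %r" % exe_path)
    value = escape(str(path))  # '&' is legal in a Windows path, not in XML

    rendered, count = _PATH_ATTR.subn(
        lambda m: '%s="%s"' % (m.group(1), value), manifest_text)
    if count == 0:
        # Fail the build instead of compiling a manifest with a stale path.
        raise ValueError("no resourceFileName/messageFileName attribute found")
    return rendered


if __name__ == "__main__":
    print(render_manifest(SAMPLE_MANIFEST,
                          r"D:\Tools\osquery\osqueryd\osqueryd.exe"))
```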