Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

支持解析Windows Event日志格式 #213

Closed
darkr4y opened this issue Nov 22, 2017 · 3 comments
Closed

支持解析Windows Event日志格式 #213

darkr4y opened this issue Nov 22, 2017 · 3 comments
Labels
feature request

Comments

@darkr4y
Copy link

darkr4y commented Nov 22, 2017

包括 Nt5 下的 evt 格式
以及 Nt6 下的 evtx 格式
@wonderflow
Copy link
Contributor

@darkr4y 可以发一些日志的样例吗

@darkr4y
Copy link
Author

darkr4y commented Mar 1, 2018

  1. http://www.forensicswiki.org/wiki/Windows_Event_Log_(EVT)
  2. http://www.forensicswiki.org/wiki/Windows_XML_Event_Log_(EVTX)

@wonderflow
Copy link
Contributor

logkit支持grok的方式配置解析 https://github.com/qiniu/logkit/wiki/Grok-Parser
可以配置一个grok的Pattern: https://stackoverflow.com/questions/33390900/logstash-parse-windows-event-id-1102?rq=1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wonderflow @darkr4y