Campaign: Feature Requests

LI Agent to collect Microsoft Event Viewer in XML format

Microsoft (until recently) has not natively supported syslog. Event Viewer's native format is XML. While the LI agent can collect Event Viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so that, when forwarding such events to a third-party syslog destination (e.g., a SIEM), the third party could properly parse them without a custom parser. XML is that standard for Microsoft.


Given that the LI agent supports CFAPI and/or syslog, this means that for CFAPI the entire event could be XML, and for syslog it could be the syslog prefix + XML as the unstructured message.

Type : New Feature

Voting

1 vote
Idea No. 482
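The "syslog prefix + XML" shape requested above, worked through end to end as an added example (this is not Log Insight agent code, and nothing here reflects how the agent actually formats events): a constructed Event Viewer XML record is carried unchanged as the MSG part of an RFC 5424 message, and the receiving side strips the header and pulls EventID, Channel, Provider and EventData fields out of the XML with a stock parser and no vendor-specific logic. The hostname, the app name `liagent`, the facility/severity values and every field of the sample event are assumptions. The CFAPI case is the same payload without the header, so only the syslog case is shown.

```python
"""Wrap a Windows Event Viewer XML record in an RFC 5424 syslog header and parse it back.
Added example, not Log Insight agent code; hostname, app name and sample values are assumed."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace of the Windows event schema that Event Viewer's XML view uses.
WIN_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: a Security 4624 (successful logon) record in Event Viewer's XML
# format. Provider GUID, record ID, user, IP and host are illustrative, not real data.
SAMPLE_EVENT_XML = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><Provider Name="Microsoft-Windows-Security-Auditing" '
    'Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>'
    "<EventID>4624</EventID><Version>2</Version><Level>0</Level><Task>12544</Task>"
    "<Opcode>0</Opcode><Keywords>0x8020000000000000</Keywords>"
    '<TimeCreated SystemTime="2024-01-15T10:23:45.1234567Z"/>'
    "<EventRecordID>1000</EventRecordID><Correlation/>"
    '<Execution ProcessID="716" ThreadID="1234"/>'
    "<Channel>Security</Channel><Computer>WS01.example.local</Computer><Security/></System>"
    '<EventData><Data Name="TargetUserName">alice</Data><Data Name="LogonType">2</Data>'
    '<Data Name="IpAddress">10.0.0.5</Data></EventData></Event>'
)


def to_syslog(event_xml, hostname, timestamp=None, app_name="liagent", facility=1, severity=6):
    """Emit '<PRI>1 TIMESTAMP HOSTNAME APP-NAME - - - MSG' with the XML as MSG.

    PROCID, MSGID and STRUCTURED-DATA are NILVALUE ('-'). The XML is forwarded as-is
    except that CR/LF are removed, since a syslog message is a single line on the wire.
    """
    ET.fromstring(event_xml)  # refuse to forward a payload the destination could not parse
    pri = facility * 8 + severity
    if timestamp is None:
        timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    msg = event_xml.replace("\r", "").replace("\n", "")
    return f"<{pri}>1 {timestamp} {hostname} {app_name} - - - {msg}"


# RFC 5424 header: PRI, VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID, SD, MSG.
SYSLOG_5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) (?P<msg>.*)$",
    re.DOTALL,
)


def parse_syslog_event(line):
    """Split off the syslog header and extract the event fields from the XML MSG.

    Raises ValueError when the line is not RFC 5424 or the MSG is not a Windows <Event>.
    """
    m = SYSLOG_5424.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    msg = m.group("msg")
    if msg.startswith("\ufeff"):  # RFC 5424 permits a UTF-8 BOM before MSG
        msg = msg[1:]
    try:
        root = ET.fromstring(msg)
    except ET.ParseError as exc:
        raise ValueError(f"MSG is not well-formed XML: {exc}") from exc
    if root.tag != f"{{{WIN_NS['e']}}}Event":
        raise ValueError("MSG is XML but not a Windows event record")
    system = root.find("e:System", WIN_NS)
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "host": m.group("host"),
        "provider": system.find("e:Provider", WIN_NS).get("Name"),
        "event_id": int(system.findtext("e:EventID", namespaces=WIN_NS)),
        "channel": system.findtext("e:Channel", namespaces=WIN_NS),
        "computer": system.findtext("e:Computer", namespaces=WIN_NS),
        "time_created": system.find("e:TimeCreated", WIN_NS).get("SystemTime"),
        # EventData/Data elements keyed by their Name attribute.
        "data": {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", WIN_NS)},
    }


def try_parse(line):
    """Return the parsed event, or None if the line is not a syslog-wrapped XML event."""
    try:
        return parse_syslog_event(line)
    except ValueError:
        return None


if __name__ == "__main__":
    wire = to_syslog(SAMPLE_EVENT_XML, "WS01.example.local")
    print(wire)
    print(parse_syslog_event(wire))
```

On the receiving side the only syslog-specific work is the header match; everything after it is the Windows event schema, which is why a SIEM with a stock Windows XML parser needs no custom rules. Two caveats for a real receiver: a syslog line has to stay on one line, so the sender must strip CR/LF from the XML (done in `to_syslog`), and a listener exposed to arbitrary senders should parse the MSG with a hardened XML parser such as the `defusedxml` package rather than the standard library one used here.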