Skip to content

markkurossi/lgrep

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

69 Commits
docs
docs
 
 
server
server
 
 
syslog
syslog
 
 
wef
wef
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.adoc
README.adoc
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

LGrep - Syslog Collector and Analyzer

LGrep implements syslog and Windows Event Forwarding (WEF) collectors, feeding data to Datalog analysis engine.

Configure Remote System Logging with Rsyslog

Ubuntu

Edit the /etc/rsyslog.d/10-rsyslog.conf file:

*.* @10.0.2.2:1514

Restart the rsyslog service:

$ service rsyslog restart

CentOS

Edit the /etc/rsyslog.conf file:

*.* @10.0.2.2:1514

Restart the rsyslog service:

$ service rsyslog restart

Configure Remote System Logging with Windows Log Forwading

Open Local Group Policy Editor (gpedit.msc) and navigate to:

Local Computer Policy
|
+-Computer Configuration
  |
  +-Administrative Templates
    |
    +-Windows Components
      |
      +-Event Forwarding

Open Configure target Subscription Manager:

  1. Check Enabled

  2. Open SubscriptionManagers with the Show…​ button

  3. Configure target subscription manager with the value:

    Server=https://<FQDN/IP of collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<seconds>,IssuerCA=<Thumbprint of the CA issuing TLS client authentication certificate>
    winrm qc -transport:https

About

Syslog collector and analyzer.

Topics

go golang datalog windows-eventlog syslog-server

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages