Read old Windows eventlog logs
Description
Activity
Romain Lapoux June 10, 2015 at 6:31 AM
Can be merged and/or tested by others.
Romain Lapoux June 4, 2015 at 7:31 AM
Updated for logstash 1.5.0:
https://github.com/logstash-plugins/logstash-input-eventlog/pull/13
In test.
Romain Lapoux July 18, 2014 at 9:03 AM
Any news about the testing?
We use my last version on 100 servers (2008 R2 and 2012 R2), without issue. It's more than 500 000 eventlog entries per day during the last month.
Romain Lapoux June 5, 2014 at 12:53 PM
All previous versions replaced by:
https://github.com/elasticsearch/logstash/pull/1419
Changelog:
No gem or Win32OLE required; uses "win32/registry" and FFI (integrated in JRuby)
Does not use WMI (memory leak in svchost.exe because of the Security Token)
Optimized memory and fixed some memory leaks
More compatible with old versions
Fixed crash/memory leak when building the Description
Fixed crash on registry values with a null byte
Romain Lapoux May 28, 2014 at 9:15 PM (Edited)
New version:
https://github.com/elasticsearch/logstash/pull/1411
Needs this latest version of the win32/eventlog gem:
https://github.com/djberg96/win32-eventlog
Is there a way to read old event logs with the eventlog input plugin?
It would be nice if that plugin had the 3 parameters below, like the file input plugin:
start_position
sincedb_write_interval
sincedb_path
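As an added example that is not part of this issue, of the eventlog input plugin, or of Logstash's file input, here is a sincedb-style checkpoint in Ruby (the plugin runs under JRuby) showing what the three requested options would do for an event-log reader: start_position decides where a first run begins when no sincedb exists, sincedb_path is where the last record number read is persisted, and sincedb_write_interval throttles how often it is flushed. The CheckpointReader class, the demo_runs helper and the SAMPLE_EVENTS list are hypothetical and constructed here; real Windows records would carry a RecordNumber in the same role.

```ruby
# Added example, not Logstash code: sincedb-style checkpointing for an event-log
# reader, mirroring the start_position / sincedb_path / sincedb_write_interval
# semantics of the file input.
require 'json'
require 'tmpdir'

# Constructed sample "event log": records with monotonically increasing record
# numbers, standing in for the RecordNumber of real Windows event log entries.
SAMPLE_EVENTS = [
  { record: 1, source: 'Service Control Manager', id: 7036, message: 'The Windows Update service entered the running state.' },
  { record: 2, source: 'Microsoft-Windows-Security-Auditing', id: 4624, message: 'An account was successfully logged on.' },
  { record: 3, source: 'Microsoft-Windows-Security-Auditing', id: 4625, message: 'An account failed to log on.' },
  { record: 4, source: 'Service Control Manager', id: 7040, message: 'The start type of a service was changed.' }
].freeze

class CheckpointReader
  attr_reader :last_record

  # start_position: :beginning replays every existing record on the first run,
  #                 :end only reads records written after the reader starts.
  # sincedb_path:   file that persists the last record number read.
  # sincedb_write_interval: seconds between flushes (0 = flush on every record).
  def initialize(log, sincedb_path:, start_position: :end, sincedb_write_interval: 15,
                 clock: -> { Time.now.to_f })
    @log = log
    @sincedb_path = sincedb_path
    @interval = sincedb_write_interval
    @clock = clock
    @last_flush = clock.call
    @last_record = load_sincedb
    # No sincedb yet: start_position decides where to begin, as on a first run
    # of the file input. A sincedb that exists always wins over start_position.
    if @last_record.nil?
      @last_record = start_position == :beginning ? 0 : (log.map { |e| e[:record] }.max || 0)
    end
  end

  # Returns every record newer than the checkpoint and advances it, flushing the
  # sincedb at most once per interval and once more when the pass ends.
  def each_new_event
    collected = []
    @log.each do |ev|
      next if ev[:record] <= @last_record
      @last_record = ev[:record]
      collected << ev
      flush if @interval.zero? || @clock.call - @last_flush >= @interval
    end
    flush
    collected
  end

  def flush
    File.write(@sincedb_path, JSON.generate('last_record' => @last_record))
    @last_flush = @clock.call
  end

  private

  def load_sincedb
    return nil unless File.exist?(@sincedb_path)
    JSON.parse(File.read(@sincedb_path))['last_record']
  rescue JSON::ParserError
    nil # a corrupt sincedb is treated as absent rather than crashing the input
  end
end

# Two consecutive runs sharing one sincedb: the first replays history from the
# beginning, the second (after a "restart") only sees the record appended in
# between, regardless of its own start_position.
def demo_runs(dir)
  path = File.join(dir, 'eventlog.sincedb')
  first = CheckpointReader.new(SAMPLE_EVENTS, sincedb_path: path,
                               start_position: :beginning, sincedb_write_interval: 0).each_new_event
  later_log = SAMPLE_EVENTS + [{ record: 5, source: 'Service Control Manager', id: 7036,
                                 message: 'The Windows Update service entered the stopped state.' }]
  second = CheckpointReader.new(later_log, sincedb_path: path, start_position: :end).each_new_event
  [first.map { |e| e[:record] }, second.map { |e| e[:record] }]
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir { |d| p demo_runs(d) } # => [[1, 2, 3, 4], [5]]
end
```

The point of the interval is the same trade-off the file input makes: flushing on every record is safest against replaying already-shipped events after a crash but costs a write per event, while a longer interval batches writes at the price of re-reading (and re-indexing) up to one interval's worth of records on restart.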