Hi All,
I'm currently in the process of integrating the forwarder with the SIEM system.
I've successfully installed the forwarder on my Ubuntu machine, and I also have administrative access to the SIEM platform. Could someone please provide guidance on how to forward logs from the source to the forwarder and then from the forwarder to the SIEM? If there's any documentation or a guide available, I would greatly appreciate it. Thank you in advance.
View files in slack
How to forward logs from the source to the forwarder and then from the forwarder to the SIEM?
+3+3
You will need to use the Chronicle CLI to create a forwarder configuration.
https://cloud.google.com/chronicle/docs/administration/cli-user-guide
+3
I havent used the forwarder file setting for log ingestion yet. We use NXlog to monitor log files and have it send the logs to the Chronicle forwarder.
Their documentation explains how to use NXlog.
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-windows-ad
+4
It looks like you are trying to pull in Windows logs based on your screenshots, I would review the docs
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-windows-events
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.