Add Data from Windows Machines
- XPLG Team
There are many Windows based logs which are of interest to be collected, analyzed and monitored.
The purposes may be -
Centralized Monitoring: Collect all Windows logs to a centralized repository for easier management.
Efficient Troubleshooting: XPLG helps you to resolve issues by analyzing events and pinpoint errors.
Fast and Powerful Search: Instantly find what you need in the logs with a custom-built search engine.
Advanced Analytics: Automatically generate deep insights on system health, performance, and security.
Anomaly Detection: Detect unusual patterns using AI&ML to spot potential threats or malfunctions.
Automated Response: like sending alerts, running scripts, or notifying teams based on log data.
Comprehensive Reporting: Create visual dashboards and reports to share key insights.
Log Archiving & Management: Archiving, forwarding, or deleting logs as needed.
Which files can be added?
You can add various types of logs from a Windows-based machine to XPLG.
For example XPLG supports: Windows Event Logs, IIS logs, application-specific logs, and any other textual logs.
What Can XPLG Do with Your Windows Logs?
Once logs are added to XPLG, you unlock a range of powerful features, including:
Parsing: XPLG automatically analyzes the logs and extracts the important information.
Indexing: Logs are indexed, making it easy to search through large amount of data.
Analytics & Statistics: XPLG can generate analytics and statistical insights based on the data.
Machine Learning & AI: XPLG uses built-in AI and ML algorithms to detect anomalies in the log data.
Error Detection: XPLG comes with a signature-based engine to identify known and common errors.
Automated Actions: You can set up XPLG to automatically take actions based on the data, such as:
Sending alerts (e.g., via email, Slack, or Teams).
Running scripts on remote servers.
Sending API requests.
Reports & Dashboards: Create visual reports, dashboards, charts to display the information clearly.
Archiving & Forwarding: You can archive data for long term to meet regulations standards, or forward the logs to another location.
Much More: Correlation between events , integrating with other systems, File Transfer, etc.
How to add Windows Logs to XPLG?
There are two approaches to add Windows logs to XPLG, depending on your environment, such as:
Pull Method (agent-less): XPLG takes the initiative and actively connects to the Windows machines, reads the data, and collects data incrementally and efficiently, without impact on the source machines.
In order to use Pull Method (agent-less) you should have at least one XPLG instance that is running on a Windows machine in the domain you collect data from, as it uses Windows native protocols to read data.Push Method: Deploy a light weight log shipper that sends logs directly to XPLG in real time.
Summary
If your XPLG instance/cluster runs on Windows OS then you can use both method (pull/push) to collect and process Windows data directly.
If your XPLG instance/cluster runs on Linux OS then you have the following options:
Pull - install a single XPLG on Windows machine as a proxy and connect it to the Linux instance/cluster over HTTPS to pull the data.
Push - use log shipper to send data directly to XPLG.
Useful Links:
Send Logs From A Windows Machine Directly To Windows\Linux-Based XPLG Via Fluent-bit.
push method: Using Fluent Bit To Forward Logs to PortX
Send Logs From A Windows Machine To A Linux-Based XPLG Via XPLG Agent
Pull Method: Sending Windows Logs To XPLG Using An Agent
Send Logs From A Windows Machine To A Linux-Based XPLG Through A Non-Agent XPLG Instance
Pull Method: Send Logs From A Windows Machine To XPLG Via Non-Agent XPLG
Retrieve Windows Logs From The Machine XPLG Is Installed On.
Pull Method: https://xpolog.atlassian.net/wiki/spaces/XPOL6/pages/1607435712
Windows-Based XPLG Uses Windows Authentication Account to Access Domain Logs
Pull Method: Adding a Windows Network Log