Storing Windows Event Logs in XML with each event in a single file
Hi everyone. I need some help please. I have a requirement from the vendor Hunters where I need to save Windows Event Logs in S3 in XML format, but it is mandatory to have one event per file. Is it possible to configure this in Cribl?
Answers
- One event per file will likely have you end up with millions of files and might cause trouble with too many connections, files, etc. Do you need to collect ALL Windows events for that or only a tiny subset?
0
- This has been discussed before. Very difficult to achieve and I would strongly recommend against it. https://cribl-community.slack.com/archives/CPYBPK65V/p1661282080042919
0
- Yeah, I also see that this is not a good option. I'm going to check with Hunters if there is some other better alternative.
0
- Thanks for the quick feedback guys!!
0