1 Reply Latest reply on Aug 6, 2018 11:57 PM by RonnyNorway

    Filelog evtx to Loginsight Server

    sroethlisberger Lurker

      Hello Everyone

      I have a little problem.
      I want to forward evtx logs to my Loginsight server.

      The logs are stored on a network drive.

      I temporarily copied the log to a local path (on which the Loginsight agent is installed), but the logs don't arrive at the Loginsight server. (I find no errors in the logs; you can find it in the attachment.)

      2018-01-22 11:29:56.008096 0x00000eb4 <trace> WinLogCollector:304| WinLogMonitor thread begin
      2018-01-22 11:29:56.008096 0x00001bdc <trace> EventCollector:49  | Configuration of filelog is done
      2018-01-22 11:29:56.008096 0x00001bdc <trace> EventCollector:56  | Starting filelog
      2018-01-22 11:29:56.008096 0x00001ad0 <trace> Logger:147         | Thread "ThreadPool" has id 0x00001ad0
      2018-01-22 11:29:56.008096 0x00001bdc <trace> FLogCollectorEx:477| Subscribed to channel <netapp>.
      2018-01-22 11:29:56.008096 0x000044d0 <trace> Logger:147         | Thread "DirectoryMonitorEx" has id 0x000044d0
      2018-01-22 11:29:56.008096 0x00001bdc <trace> EventCollector:59  | Started filelog
      2018-01-22 11:29:56.008096 0x00005714 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00005714
      2018-01-22 11:29:56.008096 0x00001bdc <trace> DataController:100 | Configuring transport...
      2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:297         | Configuration key [server].proto is not specified. Using default: cfapi
      2018-01-22 11:29:56.008096 0x00001bdc <trace> DataController:163 | Creating cfapi transport
      2018-01-22 11:29:56.008096 0x00003f88 <trace> Logger:147         | Thread "DirectoryMonitorEx Polling" has id 0x00003f88
      2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:287         | Read config param [server].hostname = loginsight.tdlz2.tankred.ch
      2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:346         | Configuration key [server].ssl is not specified. Using default: yes
      2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:252         | Configuration key [server].port is not specified. Using default: 9543
      2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:252         | Configuration key [server].reconnect is not specified. Using default: 30
      2018-01-22 11:29:56.008096 0x00002d10 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00002d10
      2018-01-22 11:29:56.008096 0x00003e58 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00003e58
      2018-01-22 11:29:56.008096 0x00003598 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00003598
      2018-01-22 11:29:56.039342 0x00001bdc <trace> DataController:104 | Starting transport...
      2018-01-22 11:29:56.039342 0x00004bc0 <trace> Logger:147         | Thread "CFApiTransport" has id 0x00004bc0
      2018-01-22 11:29:56.039342 0x00004bc0 <trace> CFApiTransport:130 | Connecting to server loginsight.tdlz2.tankred.ch:9543
      2018-01-22 11:29:56.039342 0x00001bdc <trace> AgentDaemon:422    | AgentDaemon configured successfully
      2018-01-22 11:29:56.039342 0x00001bdc <trace> AgentDaemon:367    | AgentDaemon started successfully
      2018-01-22 11:29:56.242474 0x00004bc0 <trace> CFApiTransport:150 | Connection successfully established

      Can anybody help me?

      Kind regards

      Steve