What is everyone doing to ingest additional Windows event logs that the Agent doesn’t pull in from remote assets? Most of our workforce is remote, and you don’t have constant line-of-sight to a log server, etc.
Currently we’re using the logging.json file to send everything. I’d like to move away from that as it is noisy and can impact the agent too, I believe.
Is there any way to use nxlog to go directly to the insight platform, or are people using a proxy somehow to a collector?
Example: Windows Event 4735 or 4734