Hi,
I am trying to figure out how I can ingest specific Event IDs into R7IDR however I am not seeing where I can do this. I have seen a few other posts that all point to using nxlog, however preferrably I would like to use the agent itself. These event IDs are not the usual IDs that the agent collects and they are not included in the ‘Generic Windows Event Log’ event source either.
Is there any way to collect Event ID logs in Applicaitons and Service logs within Event Viewer?
Thanks!
Hi, I don’t think you can do this without the use of NXlog. You could use logging.json as described at the link below, but there are disadvantages (as described in the Before you Begin section) and you’ve mentioned specific events and this method pulls everything so probably doesn’t help you.
Configure the Insight Agent to Send Additional Logs | InsightIDR Documentation (rapid7.com)
It’s something I’ve wanted to do in the past and i’ll be keeping an eye on this topic just in case there is something i’ve missed though!