How to read evtx file from remote server using winlogbeat? I have access to evtx path in the server. But i dont have access to execute winlogbeat agents in the remote server.
Winlogbeat does not support reading directly from a .evtx file.
One alternative would be to configure event forwarding and run Winlogbeat on the collector machine. https://msdn.microsoft.com/en-us/library/bb427443(v=vs.85).aspx
2 Likes
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.