Comments (5)
Hmm.., we can implement this feature request with https://rdoc.info/gems/winevt_c/0.7.0/Winevt%2FEventLog%2FChannel:each.
from fluent-plugin-windows-eventlog.
> Hmm.., we can implement this feature request with https://rdoc.info/gems/winevt_c/0.7.0/Winevt%2FEventLog%2FChannel:each.

Oh, did not know that one worked like that. Seems to be really easy to implement this. If you are not already on it, I can try to get it done tomorrow.
from fluent-plugin-windows-eventlog.
Do you know if there is a max amount of channels it can subscribe to? Feels like this picks up way too many channels, which gives me error 50:
2020-02-26 10:57:54 +0100 [error]: #0 config error file="etc/td-agent/td-agent.conf" error_class=Fluent::ConfigError error="Invalid Bookmark XML is loaded. ErrorCode: 50\nError: Beg\u00E4ran st\u00F6ds inte.\r\n\n"
It picked up over 1000 channels.
EDIT: Seems like it's some of the channels that aren't available to subscribe to. Comparing this to my PowerShell script, it feels like all these channels don't even exist in the Event Viewer program. I get about 150 channels from PowerShell.
EDIT 2: Did a rescue around the subscribe_channel(ch, read_existing_events) so I could get all the working channels, and there were 440 working channels out of 1100... In theory this would work fine, doesn't take too long, and would only do this if we have like "read_all_channels = true", because then all the channels that don't work shouldn't be there anyway.
List of all the non-working channels
from fluent-plugin-windows-eventlog.
> Do you know if there is a max amount of channels it can subscribe to? Feels like this picks up way too many channels, which gives me error 50:
> 2020-02-26 10:57:54 +0100 [error]: #0 config error file="etc/td-agent/td-agent.conf" error_class=Fluent::ConfigError error="Invalid Bookmark XML is loaded. ErrorCode: 50\nError: Beg\u00E4ran st\u00F6ds inte.\r\n\n"

This should be the Debug or Analytical EventLog channel case, I guess:
https://github.com/PowerShell/PowerShell/blob/master/src/Microsoft.PowerShell.Commands.Diagnostics/GetEventCommand.cs#L627-L633
This skipping feature for Debug or Analytical cases is not implemented in winevt_c.
We should implement it first instead of just using Pokemon exception handling.
from fluent-plugin-windows-eventlog.
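The contrast drawn in the comment above, as an added example that is not part of the thread or of the plugin's or winevt_c's code: skipping Analytic/Debug channels by type before subscribing, compared with a blanket rescue. `Channel`, `fake_subscribe`, `SubscribeError` and the channel names are hypothetical stand-ins with constructed sample data; error 5 (access denied) is an assumed unrelated failure.

```ruby
# Added example: every name here is hypothetical; nothing calls winevt_c.
# Channel type is constructed metadata, as a channel's configuration would report it.
Channel = Struct.new(:name, :type)
UNSUBSCRIBABLE_TYPES = %i[analytic debug].freeze
DENIED = ["Constructed-Restricted/Operational"].freeze

class SubscribeError < StandardError
  attr_reader :code
  def initialize(name, code)
    @code = code
    super("#{name}: ErrorCode: #{code}")
  end
end

# Stand-in for the real subscribe call. Analytic/Debug channels fail with
# 50 (ERROR_NOT_SUPPORTED) as in the log above; DENIED simulates 5 (ERROR_ACCESS_DENIED).
def fake_subscribe(channel)
  raise SubscribeError.new(channel.name, 50) if UNSUBSCRIBABLE_TYPES.include?(channel.type)
  raise SubscribeError.new(channel.name, 5) if DENIED.include?(channel.name)
  channel.name
end

# Blanket rescue: every failure is dropped silently, whatever its cause.
def subscribe_all_rescuing(channels)
  channels.each_with_object([]) do |ch, ok|
    ok << fake_subscribe(ch)
  rescue StandardError
    next
  end
end

# Type-based skip: unsupported channel types are filtered out first, so any
# error that still occurs is a real collection gap and is reported with its code.
def subscribe_all_skipping(channels)
  skipped, candidates = channels.partition { |ch| UNSUBSCRIBABLE_TYPES.include?(ch.type) }
  result = { subscribed: [], skipped: skipped.map(&:name), failed: {} }
  candidates.each do |ch|
    result[:subscribed] << fake_subscribe(ch)
  rescue SubscribeError => e
    result[:failed][ch.name] = e.code
  end
  result
end

# Constructed sample channel list.
SAMPLE = [["Application", :admin], ["Constructed-Provider/Operational", :operational],
          ["Constructed-Provider/Analytic", :analytic], ["Constructed-Provider/Debug", :debug],
          ["Constructed-Restricted/Operational", :operational]].map { |n, t| Channel.new(n, t) }
p subscribe_all_skipping(SAMPLE) if __FILE__ == $0
```

With the blanket rescue, the access-denied channel disappears from the result the same way the Analytic and Debug channels do; the type-based version keeps it visible under `failed`.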
#48 is merged. Closing.
from fluent-plugin-windows-eventlog.