With Windows agent 2.1.33, we support a new JSON config option for the windows_event_log monitor. When this option is set to true, events are formatted as JSON.
Follow the procedure below to enable the feature:
1. Modify your Windows Agent config as follows:
// Configuration for the Scalyr Agent. For help:
//
// https://www.scalyr.com/help/scalyr-agent-2
{
  // Enter a "Write Logs" api key for your account. These are available at https://www.scalyr.com/keys
  api_key: "your api_key here",

  // Fields describing this server. These fields are attached to each log message, and
  // can be used to filter data from a particular server or group of servers.
  server_attributes: {
    // Fill in this field if you'd like to override the server's hostname.
    // serverHost: "REPLACE THIS",
    // You can add whatever additional fields you'd like.
    // tier: "production"
  }

  // Log files to upload to Scalyr. You can use '*' wildcards here.
  logs: [
    // { path: "/var/log/httpd/access.log", attributes: {parser: "accessLog"} }
  ],

  monitors: [
    {
      module: "scalyr_agent.builtin_monitors.windows_event_log_monitor",
      // When this option is set to true, events are formatted as JSON.
      json: true,
      channels: [
        {
          "channel": [ "Application", "Security", "System" ],
          "query": "*[System/Level=0 or System/Level=1 or System/Level=2 or System/Level=3 or System/Level=4]",
        }
      ]
    },
    {
      module: "scalyr_agent.builtin_monitors.syslog_monitor",
      protocols: "tcp:1468, udp:514",
      // With accept_remote_connections set to true, the syslog listener accepts
      // connections from any host, not only from localhost.
      accept_remote_connections: true
    }
  ]
}
2. Your Windows Event Logs should look like this after the above change is made