Question: Can I use evtxmon to read from evtx file paths that are active?

Question

Question: Can I use evtxmon to read from evtx file paths that are active?

zhammer opened this issue 5 years ago · 1 comments

i'm trying to set up some windows containers so that their windows event log directories are mounted to a shared volume with a sidecar task that monitors and ships directly from those log files.

is this possible with evtxmon? going to try this out on my own but thought i'd post the question here for added support.

(some background trying to get this up with another tool: https://discuss.elastic.co/t/winlogbeat-as-a-docker-sibling-sidecar-container/217409)

Answer 1 · 2020-03-04T10:37:17.000Z

Hi @zhammer ,

Sorry for the delay ! Maybe you already had the opportunity to test this by now, but normally yes you can do it.

Cheers,