<div id="readability-page-1" class="page"><div id="post-body-7470312829383509094" itemprop="articleBody">
<p>winlogbeat는 이벤트 로그 파일 연동을 지원한다.</p>
<p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYNbSDaPtJS3Hi2wx9vaRKyOk76dhE_uuWLG1sltXcOZh_zxEPEfCmdhcMnnx03k8Zn5MSxzo6brB5OZuKu3JMHLh9kqf-tCweW8mzKMXeIQMEPDwhV3r7ZjSIDM7c7UYLe_zQ_k6_VyzpbmAWqn_HTQ4jV0c1afO1mMLftKGAsTNqqL9RhUbY4OHaCxHx/s1280/winlogbeat_yml.png"><img data-original-height="471" data-original-width="1280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYNbSDaPtJS3Hi2wx9vaRKyOk76dhE_uuWLG1sltXcOZh_zxEPEfCmdhcMnnx03k8Zn5MSxzo6brB5OZuKu3JMHLh9kqf-tCweW8mzKMXeIQMEPDwhV3r7ZjSIDM7c7UYLe_zQ_k6_VyzpbmAWqn_HTQ4jV0c1afO1mMLftKGAsTNqqL9RhUbY4OHaCxHx/s280/winlogbeat_yml.png" width="280"></a></p>
<p><span><a name="more"></a></span>스플렁크도 마찬가지. 모니터 기능을 이용해서 연동 대상 파일 지정.</p>
<div><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXJMyeqIWnZbbr8ZYl5k6kG9BSdHqgOpIF3kQhdlQOkVugBPV7cSY22ESH1fwAKioGnY3UcMezfBWf3JH-RGdOa1uqtnGx38MiqF8ApA0k-wIAisGkgTMiRC1K95UviSW6coanqtASY4amGDny8AXLaciLkdXua2AGuEXLVmowy7htBB36QFk5dBjO5zh8/s1280/splunk_evtx.png"><img data-original-height="717" data-original-width="1280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXJMyeqIWnZbbr8ZYl5k6kG9BSdHqgOpIF3kQhdlQOkVugBPV7cSY22ESH1fwAKioGnY3UcMezfBWf3JH-RGdOa1uqtnGx38MiqF8ApA0k-wIAisGkgTMiRC1K95UviSW6coanqtASY4amGDny8AXLaciLkdXua2AGuEXLVmowy7htBB36QFk5dBjO5zh8/s280/splunk_evtx.png" width="280"></a></p>
<p>preprocess-winevt란 소스타입이 자동으로 지정된다. 그런데 시간 정보를 제대로 불러오지 못함. 일단 그냥 진행<span>(..)</span></p></div>
<p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCX7AKZ3bWbk1p-VUVVvZ-IGT0SSNCYG8M1XyRUxWkAnrE3ZLQwLc2d9HhH7JJ-uLrVA7-1AVS6orCfzj23XvPzeEDU4VL6PAAj2b0p454gxOafPzOtKS8Dcg4oLv3GO1oqcQVHAPcd7_4Y68iRVsqjeldZuKZzfHDryoc2al-DV3430Xy4mAmM6inbXyI/s1208/splunk_evtx2.png"><img data-original-height="720" data-original-width="1208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCX7AKZ3bWbk1p-VUVVvZ-IGT0SSNCYG8M1XyRUxWkAnrE3ZLQwLc2d9HhH7JJ-uLrVA7-1AVS6orCfzj23XvPzeEDU4VL6PAAj2b0p454gxOafPzOtKS8Dcg4oLv3GO1oqcQVHAPcd7_4Y68iRVsqjeldZuKZzfHDryoc2al-DV3430Xy4mAmM6inbXyI/s280/splunk_evtx2.png" width="280"></a></p>
<p>연동 완료 후 검색 결과. 다행히 시간 정보 잘 불러온다.</p>
<p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmkmQ3QxjnVUEvvJg9cHTUZZYnurOrHDP0kX4jDE0m9kW5HqqTbbj7PUxOvaP8Rsx_1RpiO_-k_RqfGRVq_2hi_x7AJprszYFV-3syxyCjKKBs7dn1ryNu4qCRG6puNfYzXe5HyX_btyNG3BZZRJUAGx6pDd3rxooC2iinMkEt7EcjwgrO5JBx0FXODb6n/s1268/splunk_evtx3.png"><img data-original-height="720" data-original-width="1268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmkmQ3QxjnVUEvvJg9cHTUZZYnurOrHDP0kX4jDE0m9kW5HqqTbbj7PUxOvaP8Rsx_1RpiO_-k_RqfGRVq_2hi_x7AJprszYFV-3syxyCjKKBs7dn1ryNu4qCRG6puNfYzXe5HyX_btyNG3BZZRJUAGx6pDd3rxooC2iinMkEt7EcjwgrO5JBx0FXODb6n/s280/splunk_evtx3.png" width="280"></a></p><p>뭔가 좀 찜찜하지만 잘 되는 듯.</p>
<p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX69fbkkC7o5OWY0T51L425IrkMGhZRM3MoVASGecS6Jq6WkLqBv5XvbueVYjiTqBwf7Q-z9CBtuDKF-9EtmlgZ5dviIv186F5yTFlY3VYAy2HNnAgHfnOL0CD0uI8fwQPIejyD4lAPxj_yD5RyItYxOhjPdmandJA4vOxOHYyYtX9_aoBBgRbB32Ya8Qh/s1280/splunk_evtx4.png"><img data-original-height="710" data-original-width="1280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX69fbkkC7o5OWY0T51L425IrkMGhZRM3MoVASGecS6Jq6WkLqBv5XvbueVYjiTqBwf7Q-z9CBtuDKF-9EtmlgZ5dviIv186F5yTFlY3VYAy2HNnAgHfnOL0CD0uI8fwQPIejyD4lAPxj_yD5RyItYxOhjPdmandJA4vOxOHYyYtX9_aoBBgRbB32Ya8Qh/s280/splunk_evtx4.png" width="280"></a></p>
<div><p><b>관련 글</b></p><div><ul><li><a href="https://kangmyounghun.blogspot.com/2021/07/splunk-winlogbeat-2nd.html" target="">Splunk와 Winlogbeat 차이 - 2nd</a></li><li><a href="https://kangmyounghun.blogspot.com/2021/05/splunk-winlogbeat.html" target="">Splunk와 Winlogbeat 차이</a></li></ul></div></div>

</div></div>

케세라세라

winlogbeat는 이벤트 로그 파일 연동을 지원한다.
스플렁크도 마찬가지. 모니터 기능을 이용해서 연동 대상 파일 지정.
preprocess-winevt란 소스타입이 자동으로 지정된다. 그런데 시간 정보를 제대로 불러오지 못함. 일단 그냥 진행(..)
연동 완료 후 검색 결과. 다행히 시간 정보 잘 불러온다.
뭔가 좀 찜찜하지만 잘 되는 듯.
관련 글
Splunk와 Winlogbeat 차이 - 2nd
Splunk와 Winlogbeat 차이

Splunk와 Winlogbeat 차이 - 3rd

댓글