6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"AWS Cloudwatch Agent config for sysmin log\",\"text\":\"

I try to collect Sysmon logfiles with AWS CloudWatchAgent.

\\n\\n

How do I need to specify the event_name section in the config?

\\n\\n

I tried these

\\n\\n

\\\"event_name\\\": \\\"Microsoft-Windows-Sysmon\\\"\\n

\\n\\n

then (most obvious)

\\n\\n

\\\"event_name\\\": \\\"Microsoft-Windows-Sysmon/Operational\\\"\\n

\\n\\n

and this

\\n\\n

\\\"event_name\\\": \\\"Sysmon\\\"\\n

\\n\\n

But nothing works ...

\\n\\n

Thanks

\\n\\n

Robert

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Robert\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","amazon-web-services",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/amazon-web-services/1","children":"amazon-web-services"}]}],["$","span","amazon-cloudwatch",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/amazon-cloudwatch/1","children":"amazon-cloudwatch"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/f8e974b6e529f01d5ea80cc262c23ae8?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Robert","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/13726320/robert","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Robert"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",31]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"AWS Cloudwatch Agent config for sysmin log"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I try to collect Sysmon logfiles with AWS CloudWatchAgent.

\n\n

How do I need to specify the event_name section in the config?

\n\n

I tried these

\n\n

\"event_name\": \"Microsoft-Windows-Sysmon\"\n

\n\n

then (most obvious)

\n\n

\"event_name\": \"Microsoft-Windows-Sysmon/Operational\"\n

\n\n

and this

\n\n

\"event_name\": \"Sysmon\"\n

\n\n

But nothing works ...

\n\n

Thanks

\n\n

Robert

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",295]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","62402197",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/f8e974b6e529f01d5ea80cc262c23ae8?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Robert","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/13726320/robert","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Robert"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",31]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

\"event_name\": \"Microsoft-Windows-Sysmon/Operational\"

\n\n

is correct.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","68411207",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68411207","className":"text-blue-600 hover:underline","children":"AWS Cloudwatch agent config file removed after startup"}]}],["$","li","58658744",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/58658744","className":"text-blue-600 hover:underline","children":"Cloudwatch agent not sending logs to cloudwatch"}]}],["$","li","48559248",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48559248","className":"text-blue-600 hover:underline","children":"How do I prevent the Amazon cloudwatch agent from not working?"}]}],["$","li","30798917",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30798917","className":"text-blue-600 hover:underline","children":"A sane way to set up CloudWatch logs (awslogs-agent)"}]}],["$","li","53942268",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/53942268","className":"text-blue-600 hover:underline","children":"AWS: CloudWatch agent configuration file"}]}],["$","li","50122324",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/50122324","className":"text-blue-600 hover:underline","children":"CloudWatch agent per-instance streams"}]}],["$","li","49293493",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49293493","className":"text-blue-600 hover:underline","children":"Upload server log into aws cloudwatch log using cloudwatch log agent in ubuntu"}]}],["$","li","40172742",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40172742","className":"text-blue-600 hover:underline","children":"How to make CloudWatch logs agent running properly?"}]}],["$","li","37747616",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37747616","className":"text-blue-600 hover:underline","children":"AWS logs agent setup"}]}],["$","li","32852878",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/32852878","className":"text-blue-600 hover:underline","children":"CloudWatch log role ARN"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

AWS Cloudwatch Agent config for sysmin log

Answers (1)

Related Questions