Open for Voting
over 1 year ago

Agentless pull of event logs or log files


We have many critical systems on which getting an agent installed is a horrendous task, and any time anything goes wrong it will be the agent's fault.  So I would LOVE to see an agentless pull.  This could be similar to how SAM looks at logs: it can have credentials that log into the system, regardless of OS, go to the file you configure, and grab the logs.

Since the technology is already there for SAM, I would think this would be doable.

  • I actually just switched from GFI EventsManager to LEM.  GFI pulled Windows event logs without an agent.  It would download the logs from the Windows machine 1000 events at a time until all the events were pulled, and then would clear the event log (if you wanted it to).

  • I agree, this is needed.  When I opened the feature request HERE that was one of the things I was hoping to be able to accomplish.

    As I have pointed out before: when somebody asks me if I can support a specific log file/source, the answer can't ever be "NO"; however, it can be "yes, but...".

  • How about creating a tool that sends data to the LEM.  The agentless pull is a HUGE help, but in addition we could really use a way to get some custom or random log file to send each line in the log to LEM.  What if you guys made an agent/tool/script that we could use to make this happen?

    We have a script that does this, but it's very rudimentary since we have no scripting/programming experts here.

  • FormerMember over 6 years ago in reply to familyofcrowes

    I just updated the idea status to WWWO also. I can't give any ETAs, of course :)

    PS: Just wanted to clarify that initially this is for Windows Event Logs only, remote arbitrary logs or other platforms will still have to be a TBD. A lot of our Linux tools can be syslogged, though, which might be another way to approach that problem, though still requires some changes be made on the Linux end.
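The "send each line of some custom log file to LEM" tool asked for above, and the syslog route suggested in the last reply, can be combined in a small forwarder. The following is an added example written for this thread; it is not code from the original post, from SolarWinds, or from LEM. It assumes the collector accepts BSD-style (RFC 3164) syslog over UDP/514, and the host name, tag, file paths and sample log content are placeholders. It tracks a byte offset per file so repeated runs only send new lines, restarts when the file is rotated or truncated, and sanitizes control characters so one file line can never be split into two syslog events.

```python
#!/usr/bin/env python3
"""Forward each new line of an arbitrary log file to a syslog collector.

Added example (not code from this thread or from SolarWinds). It assumes the
collector, e.g. a LEM appliance, accepts RFC 3164 syslog over UDP on port 514;
the collector host, tag name and sample log content are placeholders.
"""
import json
import os
import socket
from datetime import datetime

FACILITY_LOCAL0 = 16   # syslog facility local0
SEVERITY_INFO = 6      # syslog severity informational
MAX_MSG_BYTES = 1024   # RFC 3164 section 4.1 total message size limit


def syslog_pri(facility, severity):
    """PRI value as defined in RFC 3164: facility * 8 + severity."""
    return facility * 8 + severity


def format_rfc3164(line, hostname, tag, when=None,
                   facility=FACILITY_LOCAL0, severity=SEVERITY_INFO):
    """Build one '<PRI>TIMESTAMP HOSTNAME TAG: MSG' datagram as bytes.

    Control characters (including any embedded newline) become a space so a
    file line cannot turn into two events, and the body is cut at the RFC 3164
    limit so an oversized line is not silently dropped by the collector.
    """
    when = when or datetime.now()
    timestamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    header = f"<{syslog_pri(facility, severity)}>{timestamp} {hostname} {tag}: ".encode()
    body = "".join(" " if ord(c) < 0x20 or ord(c) == 0x7F else c for c in line)
    return header + body.encode("utf-8", "replace")[:MAX_MSG_BYTES - len(header)]


def load_state(state_path):
    """Read {'inode': ..., 'offset': ...} from the last run; empty on first run."""
    try:
        with open(state_path) as f:
            return json.load(f)
    except FileNotFoundError:
        return {}


def save_state(state_path, state):
    """Write the state atomically so a crash cannot leave a half-written file."""
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, state_path)


def read_new_lines(log_path, state):
    """Return (complete new lines, updated state).

    Restarts at offset 0 when the inode changed (rotation) or the file is
    shorter than the saved offset (truncation). A trailing partial line is
    left for the next run instead of being sent half-written.
    """
    st = os.stat(log_path)
    offset = state.get("offset", 0)
    if state.get("inode") != st.st_ino or st.st_size < offset:
        offset = 0
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    complete, sep, _partial = data.rpartition(b"\n")
    lines = [l for l in complete.split(b"\n") if l] if sep else []
    return lines, {"inode": st.st_ino, "offset": offset + len(complete) + len(sep)}


class UdpSyslogSender:
    """Minimal UDP syslog client; no TLS, so keep it on a management network."""

    def __init__(self, host, port=514):
        self.addr = (host, port)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    def send(self, datagram):
        self.sock.sendto(datagram, self.addr)


def forward(log_path, state_path, sender, hostname, tag):
    """Send every new complete line via `sender`; return how many were sent.

    State is saved only after all sends, so a crash mid-run re-sends those
    lines next time (at-least-once) rather than losing them.
    """
    lines, new_state = read_new_lines(log_path, load_state(state_path))
    for raw in lines:
        sender.send(format_rfc3164(raw.decode("utf-8", "replace"), hostname, tag))
    save_state(state_path, new_state)
    return len(lines)


if __name__ == "__main__":
    import sys
    # Usage: forward_log.py /path/to/app.log collector.example.net  (placeholders)
    log_file, collector = sys.argv[1], sys.argv[2]
    sent = forward(log_file, log_file + ".state", UdpSyslogSender(collector),
                   socket.gethostname(), "myapp")
    print(f"forwarded {sent} line(s)")
```

Run it from a scheduled task or cron on the host that owns the file; because the offset state lives beside the log, each run is idempotent apart from the at-least-once window noted in `forward`. The sender is a plain UDP client because that is what the thread describes for Linux syslog; if the collector supports syslog over TLS, replacing `UdpSyslogSender` with a TLS stream client is the only change needed.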