Hi,
You have several options:
- Because this is a QRadar discussion, I suppose you have WinCollect already on that machine, so you can add a Universal DSM with the WinCollect File Forwarder protocol. I think this is the easiest way.
- If you are already using some kind of syslog solution where you have a syslog agent for Windows (syslog-ng for Windows, nxlog, etc.), you can use that as well to forward the contents of that file.
Please note, if the logs in that file are multiline, it will add some complexity to your project, but the mentioned products can be used for that as well. Syslog-ng / syslog-ng for Windows is not as good on this platform as nxlog, and I'm sure you can find some free/shareware solution if needed, but those are most of the time very poorly designed and lacking in functionality (based on some very old code).
L:
------------------------------
Laszlo Pal
------------------------------
Original Message:
Sent: Sun July 19, 2020 05:22 AM
From: StarLink Support
Subject: Please tell the Best method to capture log file in Windows for Qradar.
Please tell us the best method to capture a log file in Windows for QRadar.
I prefer to use an agent if possible to forward the logs to QRadar as and when the file is updated.
------------------------------
StarLink Support
------------------------------