Is it even possible to configure Windows Event Logs through the command line?
PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe add monitor WinEventLog://Security
In handler 'monitor': Parameter name: Path does not exist.
Also tried:
C:\Windows\System32\Winevt\Logs\Security.evtx (but then I get charset problems), and I didn't find how to specify it when adding a monitor (using the command line only).