To collect event logs from Microsoft Windows hosts, Axoflow supports both agent-based and agentless methods.
- For a collector agent, we recommend using the Axoflow OpenTelemetry Collector distribution. For details, see Windows host - agent based solution.
- To use an agentless solution, see Windows Event Collector (WEC).
Labels
Labels assigned to data received from Windows hosts depend on how AxoRouter receives the data. For details, see Windows host - agent based solution and Windows Event Collector (WEC).
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| windows:eventlog:snare | oswin |
| windows:eventlog:xml | oswin |