• Home
• org.apache.nifi
• nifi-windows-event-log-processors
• 1.27.0
• source code
• additionalDetails.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

docs.org.apache.nifi.processors.windows.event.log.ConsumeWindowsEventLog.additionalDetails.html Maven / Gradle / Ivy

    
    
        
        

        
    

    
        
        
Description:
        
This processor is used listen to Windows Event Log events. It has a success output that will contain an XML representation of the event.
         
         
Output XML Example:
         

             
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager"/>
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-06-10T22:28:53.905233700Z"/>
    <EventRecordID>34153</EventRecordID>
    <Correlation/>
    <Execution ProcessID="684" ThreadID="3504"/>
    <Channel>System</Channel>
    <Computer>WIN-O05CNUCF16M.hdf.local</Computer>
    <Security/>
  </System>
  <EventData>
    <Data Name="param1">Smart Card Device Enumeration Service</Data>
    <Data Name="param2">running</Data>
    <Binary>5300630044006500760069006300650045006E0075006D002F0034000000</Binary>
  </EventData>
</Event>
             
        

        
Permissions:
        

            Your Windows User must have permissions to read the given Event Log.  This can be achieved through the following steps (Windows 2008 and newer):
            

                
Open a command prompt as your user.  Enter the command: wmic useraccount get name,sid
                
Note the SID of the user or group you'd like to allow to read a given channel
                
Open a command prompt as Administrator.  enter the command: wevtutil gl CHANNEL_NAME
                
Take the channelAccess Attribute starting with O:BAG, copy it into a text editor, and add (A;;0x1;;;YOUR_SID_FROM_BEFORE) to the end
                
Take that text and run the following command in your admin prompt (see below for example): wevtutil sl CHANNEL_NAME /ca:TEXT_FROM_PREVIOUS_STEP
            

            
The following command is the exact one I used to add read access to the Security log for my user. (You can see all the possible channels with: wevtutil el):
            
wevtutil sl Security /ca:O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-21-3589080292-3448680409-2446571098-1001)

            
These steps were adapted from this guide.