Question

Is setting up Cribl WEC/WEF the same that is used in Windows Events routed to a WEC server?

  • March 11, 2025
  • 4 replies
  • 21 views

Hi all,

Is the method that is set up to use Cribl WEC/WEF the same approximate setup that is used when Windows Events are routed to a WEC server? Going to approach my Windows admins about potentially changing how we do this, and want to make sure that I have my facts straight.

4 replies

Tony Reinke
  • Inspiring
  • March 11, 2025

We just did a User Group where it was on Windows Event Collector: https://youtu.be/_glQmFD9ync


I'll check that out. Thanks.


Today we only support client cert (i.e., mTLS) auth (Kerberos coming soon, though). Having said that, the setup using Cribl WEF source is roughly the same as setting up "actual" WEC/WEF using client certificates.

  • Get appropriate client certs onto all sending clients
  • Configure the WEF source in Stream (including a CA cert chain that matches what the client certs are going to be using)
  • Add/change your EventForwarding GPO to point to your Stream worker as the Server instead of the WEC boxes


https://docs.cribl.io/stream/usecase-wef-config/ is pretty comprehensive, and it all should look pretty familiar to someone who's gone through setting up "real WEC" previously
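
The three steps listed in the thread (client certs, matching CA chain, GPO pointing at the Stream worker) can be verified from a forwarding client with a short pre-flight check. The PowerShell below is an added example, not code from the thread or from Cribl's documentation. It assumes the standard Windows Event Forwarding policy registry key and the `Server=...,Refresh=...,IssuerCA=...` value format, and the function names are hypothetical.

```powershell
# Added example: pre-flight check on a forwarding client (run elevated).
# Assumption: the policy key and the Server=/Refresh=/IssuerCA= value format are
# the standard Windows Event Forwarding ones; neither is quoted from the thread.
$policyKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function ConvertFrom-SubscriptionManager([string]$Value) {
    # Split "Server=...,Refresh=...,IssuerCA=..." into its key/value pairs.
    $kv = @{}
    foreach ($pair in $Value -split ',') {
        $k, $v = $pair -split '=', 2
        if ($v) { $kv[$k.Trim()] = $v.Trim() }
    }
    [pscustomobject]@{
        Server   = [uri]$kv['Server']
        IssuerCA = ("$($kv['IssuerCA'])" -replace '\s', '').ToUpperInvariant()
    }
}

function Test-IssuedBy($Cert, [string]$CaThumbprint) {
    # Build the chain locally and look for the expected CA anywhere above the leaf.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    [void]$chain.Build($Cert)
    $above = $chain.ChainElements | Select-Object -Skip 1 |
        ForEach-Object { $_.Certificate.Thumbprint }
    $above -contains $CaThumbprint
}

$values = (Get-ItemProperty -Path $policyKey -ErrorAction Stop).PSObject.Properties |
    Where-Object Name -NotLike 'PS*'

foreach ($entry in $values) {
    $sm    = ConvertFrom-SubscriptionManager $entry.Value
    $certs = @()
    if ($sm.IssuerCA -match '^[0-9A-F]{40}$') {
        # Usable = has a private key, not expired, allows client auth, chains to the CA.
        $certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
            $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
            $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid -and
            (Test-IssuedBy $_ $sm.IssuerCA)
        })
    }
    [pscustomobject]@{
        Server        = $sm.Server
        UsesHttps     = $sm.Server.Scheme -eq 'https'
        IssuerCA      = $sm.IssuerCA
        UsableCerts   = $certs.Count
        PortReachable = [bool]($sm.Server -and (Test-NetConnection -ComputerName $sm.Server.Host -Port $sm.Server.Port -WarningAction SilentlyContinue).TcpTestSucceeded)
    }
}
```

A row with `UsableCerts` of 0 or `UsesHttps` of False means that client will not complete mTLS against the worker, whichever collector the GPO names.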