Hi all, is the method that is set up to use Cribl WEC/WEF the same approximate setup that is used when Windows Events are routed to a WEC server? Going to approach my Windows admins about potentially changing how we do this, and want to make sure that I have my facts straight.
We just did a User Group where it was on Windows Event Collector: https://youtu.be/_glQmFD9ync
I'll check that out. Thanks.
Today we only support client cert (i.e., mTLS) auth (Kerberos coming soon, though). Having said that, the setup using Cribl WEF source is roughly the same as setting up "actual" WEC/WEF using client certificates.
» Get appropriate client certs onto all sending clients
» Configure the WEF source in Stream (including a CA cert chain that matches what the client certs are going to be using)
» Add/change your EventForwarding GPO to point to your Stream worker as the Server instead of the WEC boxes
https://docs.cribl.io/stream/usecase-wef-config/ is pretty comprehensive, and it all should look pretty familiar to someone who's gone through setting up "real WEC" previously
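A client-side check for the three steps above, as an added example that is not part of the original thread or of Cribl's documentation. It assumes the EventForwarding GPO writes its subscription managers to the standard Windows policy registry key, and that each value uses the certificate-auth form `Server=...,Refresh=...,IssuerCA=<thumbprint>`; the function names are hypothetical.

```powershell
# Added example: audit a sending client's certificate-based WEF configuration.
# Run in an elevated PowerShell session on the forwarding client.
$policyKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function ConvertFrom-SubscriptionManager([string]$Value) {
    # Assumed value format: Server=<url>,Refresh=<seconds>,IssuerCA=<thumbprint>
    $fields = @{}
    foreach ($part in $Value -split ',') {
        $name, $data = $part -split '=', 2
        if ($data) { $fields[$name.Trim()] = $data.Trim() }
    }
    $fields
}

function Find-WefClientCert([string]$IssuerThumbprint) {
    # Return the first machine cert usable for mTLS whose chain contains the issuer.
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        $usable = $cert.HasPrivateKey -and ($cert.NotAfter -gt (Get-Date)) -and
                  ($cert.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
        if (-not $usable) { continue }
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # only the chain members matter here
        [void]$chain.Build($cert)
        $thumbs = $chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint }
        if ($thumbs -contains $IssuerThumbprint) { return $cert }
    }
}

$props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if (-not $props) { Write-Warning 'No EventForwarding SubscriptionManager policy found.'; return }

foreach ($p in $props.PSObject.Properties | Where-Object Name -notlike 'PS*') {
    $sm     = ConvertFrom-SubscriptionManager $p.Value
    $issuer = ($sm['IssuerCA'] -replace '\s', '')
    $cert   = if ($issuer) { Find-WefClientCert $issuer }
    [pscustomobject]@{
        Server         = $sm['Server']
        UsesHttps      = $sm['Server'] -like 'https://*'
        IssuerCA       = $issuer
        ClientCertSubj = $cert.Subject      # empty when no matching cert is installed
        ClientCertEnds = $cert.NotAfter
    }
}
```

An empty `ClientCertSubj` means the host has no unexpired machine certificate with a private key and the Client Authentication EKU that chains to the issuer named in the GPO, so mTLS to the configured server cannot succeed.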