Why is the log content in XML code when I use CloudWatch Agent to collect Windows logs and upload them to CloudWatch Log?

1

CloudWatch/Log groups/Windows-Event/Jump Server <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{5559d1-a7-45-8ee-262f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2023-06-15T23:37:35.5334971Z'/><EventRecordID>227500</EventRecordID><Correlation/><Execution ProcessID='1004' ThreadID='68304'/><Channel>System</Channel><Computer>Jump

Is it caused by an error in the configuration file of AmazonCloudWatchAgent, or what is the reason?

DD-Boom
asked 8 months ago338 views
2 Answers
0

I don't think it is particularly strange that the output is in XML.
If you check the Event Viewer on the Windows server, you will see the logs in the same XML format.

profile picture
EXPERT
answered 8 months ago
  • Normally it will be the log content [Security] [INFORMATION] [5061] [Microsoft-Windows-Security-Auditing] [Jump] [Cryptographic operation.

    Subject: Security ID: S-0-1112 1069 Account Name: ****** Account Domain: ******* Logon ID: 0x1B313D0

    Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNCCTVN Key Name: *******.net Key Type: User key.

    Cryptographic Operation: Operation: Open Key. Return Code: 0x87788016]

0

Hi DD-Boom

in addition to Riku

The windows stored event logs in XML format. You an see the WEF format

https://docs.nxlog.co/userguide/integrate/windows-eventlog.html

The format you have written is not log format it is how event viewer shos the log in user interface

and as you can see here

https://johndcyber.com/how-to-forward-windows-event-logs-to-cloud-watch-in-5-easy-steps-13fa65a173b2

CloudWatchAgent forwards the event in the same format also

profile picture
EXPERT
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions