InfraSonar Windows Event Log probe
- Host: GitHub
- URL: https://github.com/infrasonar/eventlog-probe
- Owner: infrasonar
- License: gpl-3.0
- Created: 2023-09-16T09:23:42.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-12-18T11:28:43.000Z (6 months ago)
- Last Synced: 2025-12-21T17:53:00.780Z (5 months ago)
- Topics: cesbit, eventlog, infrasonar, microsoft, monitoring, windows, wmi
- Language: Python
- Homepage:
- Size: 103 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# InfraSonar Windows Event Log Probe
## Environment variables
Variable | Default | Description
---------------------- | ------------------------------ | ------------
`AGENTCORE_HOST` | `127.0.0.1` | Hostname or IP address of the AgentCore.
`AGENTCORE_PORT` | `8750` | AgentCore port to connect to.
`INFRASONAR_CONF` | `/data/config/infrasonar.yaml` | File with probe and asset configuration like credentials.
`MAX_PACKAGE_SIZE` | `500` | Maximum package size in kilobytes _(1..2000)_.
`MAX_CHECK_TIMEOUT` | `300` | The check time-out is 80% of the interval time, with `MAX_CHECK_TIMEOUT` (in seconds) as the absolute maximum.
`DRY_RUN` | _none_ | Do not run daemonized; just return the checks and assets specified in the given yaml file _(see the [Dry run section](#dry-run) below)_.
`LOG_LEVEL` | `warning` | Log level (`debug`, `info`, `warning`, `error` or `critical`).
`LOG_COLORIZED` | `0` | Log using colors (`0`=disabled, `1`=enabled).
`LOG_FMT` | `%y%m%d %H:%M:%S` | Log format prefix.
`EVENTLOG_LAST_RUN_FN` | `/data/eventlog_last_run.mp` | Location of the file used to store the last run time of each eventlog check.
## Docker build
```sh
docker build -t eventlog-probe . --no-cache
```
## Dry run
Available checks:
- `eventlog`
Create a yaml file, for example _(test.yaml)_:
```yaml
asset:
  name: "foo.local"
  check: "eventlog"
  config:
    address: "192.168.1.2"
    eventCodes: [400, 600]
```
Run the probe with the `DRY_RUN` environment variable set to the yaml file above.
```sh
DRY_RUN=test.yaml python main.py
```