This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Issues with SIEM forwarder for Windows on Docker

Posted on 06-18-2024 09:33 AM
TPankaj
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi Team,

We are unable to see Windows on Docker forwarder logs in Chronicle SIEM.

Is there any documenation to follow for troubleshooting.

Below URL is not much helpful for troubleshooting

https://cloud.google.com/chronicle/docs/install/docker-forwarder-windows

0 1 57
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
jpetitg
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi, 

Can you explain a bit more your issue. Is it to see logs from your Windows in Chronicle SIEM or the logs of the forwarder.

If it is the latter, in the documentation you provided, forwarder logs can be seen by launching the following command: sudo docker logs cfps (see https://cloud.google.com/chronicle/docs/install/docker-forwarder-windows#view_forwarder_logs)

If there is an issue on the forwarder or in your configuration file, it will be mentionned there. Also if logs are received and sent to your Chronicle SIEM instance you will have the mention "Batch (XX, LOG_TYPE) successfully uploaded."

If there is an error in your docker log file, you can find some insights for troubleshooting in this documentation: https://cloud.google.com/chronicle/docs/install/troubleshoot-forwarder#common-log-file-errors

0 Likes
Top Solution Authors
View all