As I mentioned before, I use Graylog to centrally capture and store many logfiles. I collect and ship logfiles from many systems, like Linux servers and network elements, which is easy with Syslog. But I also have some Windows systems, and I want to have the event logs collected and shipped to my Graylog server.
I used the NXLog Community Edition for a long time to do that! And NXLog did an excellent job! But there was one drawback: NXLog required me to use a dedicated configuration for each system, which I did with includes. I couldn’t establish a universal “one size fits all” configuration approach. Then I found Winlogbeat from Elastic!
And with Winlogbeat I was able to create a universal config that I can initially deploy to all Windows-based servers! Yes, there are still some tweaks that you might want for each system (based on the role and use case of the system), but the universal approach worked very well for me.