About Event Importer

Applies To: WatchGuard SIEMFeeder

WatchGuard Event Importer is an application that you can use to download data that the WatchGuard SIEMFeeder service generates from computer process activity on the network. Based on the settings that you configure, Event Importer can import, decompress, and save these data log files to a folder on your computer or send the files to a compatible server (Apache Kafka or syslog).

Event Importer can:

You can download the Event Importer install package from the Software Downloads page on the WatchGuard website, in the Endpoint Software section.

Characteristics of Log Files

The log files that SIEMFeeder generates have different sizes and can contain one or more events that belong to different event categories. The events that a single log file includes can originate from one or more computers on a protected network.

For more information about log files, see WatchGuard SIEMFeeder Event Guide.

  • Each log file has a maximum size of 256 KB, in a compressed format.
  • Event Importer stores log files in the configured storage location and respects any maximum file size that the user defines in the settings.
  • Each log file has a name in the form of yyyymmdd-hhmm-(xxxxxx):
      • yyyy: Year created.
      • mm: Month created.
      • dd: Day created.
      • hh: Time created (hours).
      • mm: Time created (minutes).
      • -(xxxxxx): If Event Importer creates more than one log file within the same minute, it assigns an index number to additional log files.
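
As an added example (not WatchGuard code), this Python sketch parses the file name format described above so that downloaded files can be forwarded in creation order and unexpected names in the storage folder are set aside. It assumes the index suffix is optional, may or may not carry literal parentheses, has up to six digits, and that any file extension follows the name; the page states none of these details.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# yyyymmdd-hhmm, then an optional index. Assumptions (not stated on the page):
# the parentheses may be literal or absent, the index has 1-6 digits, and any
# file extension follows the name.
NAME_RE = re.compile(r"(\d{4})(\d{2})(\d{2})-(\d{2})(\d{2})"
                     r"(?:-(?:\((\d{1,6})\)|(\d{1,6})))?(?:\.\w+)*")


class LogName(NamedTuple):
    created: datetime  # minute in which the file was created
    index: int         # 0 when the name carries no index (assumed first file)
    name: str


def parse_log_name(name: str) -> Optional[LogName]:
    """Return the parsed name, or None if it does not fit the format."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    try:
        # datetime() rejects impossible values such as month 13 or hour 25.
        created = datetime(*(int(g) for g in m.groups()[:5]))
    except ValueError:
        return None
    return LogName(created, int(m.group(6) or m.group(7) or 0), name)


def order_for_ingest(names: List[str]) -> Tuple[List[str], List[str]]:
    """Split names into (creation-ordered log files, names to set aside)."""
    parsed, rejected = [], []
    for name in names:
        item = parse_log_name(name)
        if item is None:
            rejected.append(name)
        else:
            parsed.append(item)
    parsed.sort(key=lambda p: (p.created, p.index))
    return [p.name for p in parsed], rejected


# Constructed sample names, not taken from a real SIEMFeeder download.
SAMPLE = ["20240501-1231", "20240501-1230-(000002)", "20240501-1230",
          "20240501-1230-(000001)", "20241301-0000", "notes.txt"]

if __name__ == "__main__":
    ordered, rejected = order_for_ingest(SAMPLE)
    print(ordered, rejected)
```

Sorting on the creation minute and then the index keeps files from the same minute in the order they were written.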

Related Topics

About SIEMFeeder

Configure and Run Event Importer

Modify Event Importer Settings