Setting up ConsumeWindowsEventLog

Learn how to set up the ConsumeWindowsEventLog processor to capture windows events through MiNiFi, and to send data from MiNiFi to NiFi.

  1. Download MiNiFi MSI and set the classname.
    In this example, the classname is test6. You can set this property at install time (MSI) or by going directly to the file. Also ensure that the nifi.c2.enable property is set to true. This informs MiNiFi that run time flow instructions will be received from EFM.
  2. Start MiNiFi.

    MiNiFi can be configured to send data to multiple endpoints (for example, Kafka, NiFi, EventHub). In this example, data will be sent to NiFi over S2S.

  3. Create an input port on NiFi.

  4. Capture the port ID.
    The port ID will be used in EFM later on.

  5. On EFM, open the test6 class.

    This is where we design the flow for all agents with their class set to test6.

  6. To capture windows events through MiNiFi, add ConsumeWindowsEventLog processor to the canvas.
  7. Configure the processor to pull events.

    In this example, MiNiFi collects the windows security events.

  8. To send data from MiNiFi to NiFi, add a Remote Process Group to the canvas and provide a NiFi endpoint.

  9. Connect the ConsumeWindowsEventLog processor to the Remote Process Group and provide the NiFi Input Port ID captured earlier.
  10. Click Publish.

    MiNiFi contacts EFM at a set interval (nifi.c2.agent.heartbeat.period). Once that occurs, MiNiFi receives new run time flow instructions. At that time data starts flowing into NiFi.