Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to consume Windows Event Logs via MiNiFi?

Labels (2)
avatar
author-rank sunile_manjee author-rank
Master Guru

Created on ‎05-04-2020 10:38 AM - edited on ‎05-08-2020 12:26 AM by Community Manager Community Manager

The EFM (Edge Flow Manager) makes it super simple to write flows for MiNiFi to execute where ever it may be located (laptops, refineries, phones, OpenShift,etc).  All agents (MiNiFi) are assigned an agentClass.  Once the agent is turned on, it will phone home to EFM for run-time instructions. The run-time instructions are set at the Class level.  Meaning all agents within a class, run the same instruction (flow) set. There can be 0 to many Classes.  In this example, I will capture Windows Security Events via MiNiFi and ship them to NiFi over Site2Site

 

  1. Download MiNiFi MSI and set the classname.  In this example, I set the classname to test6.  This property is set at install time (MSI) or by going directly into minifi.properties. Also, notice the setting nifi.c2.enable=true.  This informs MiNFi that run time flow instructions will be received from EFM.  Start MiNiFi.
    3.jpg
  2. MiNiFi can be configured to send data to multi endpoint (ie Kafka, NiFi, EventHub, etc). In this example, data will be sent to NiFi over S2S.  On NiFi create an input port:
    1.jpg
  3. Capture the port ID. This will be used in EFM later on:
    2.jpg
  4. On EFM, open class test6.  This is where we design the flow for all agents with their class is set to test6:
    4.jpg
  5. To capture Windows events via MiNiFi, add ConsumeWindowsEventLog processor to the canvas:
    10.jpg
  6. Configure the process to pull events.  In this example, MiNiFi will listen for Windows Security Events:
    11.jpg
  7. To send data from MiNiFi to NiFi, add Remote Process Group to the canvas. Provide a NiFi endpoint:
    6.jpg
  8. Connect ConsumeWindowsEventLog processor to the Remote Process Group. Provide the NiFi Input Port ID captured earlier:
    7.jpg
  9. Flow is ready to publish:
    12.jpg
  10. Click on Publish. MiNiFi will phone home at a set interval (nifi.c2.agent.heartbeat.period). Once that occurs, MiNiFi will receive new run time flow instructions.  At that time data will start flowing into NiFi.
    8.jpg 

The EFM makes it super simple to capture Windows events and universally ship anywhere without the ball and chain of most agent/platform designs. 

1,849 Views
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
Version history
Last update:
‎05-08-2020 12:26 AM
Updated by:
Community Manager Community Manager
meetups banner