You can use the messages/ingest service to send events to a Log Insight server using HTTP POST requests.
The messages/ingest service uses the following syntax.
http://loginsight_host:9000/api/v1/messages/ingest/agentId |
|
https://loginsight_host:9543/api/v1/messages/ingest/agentId |
If you enforce SSL from the Web UI you will be able to use only HTTPS. See Enforce SSL Only Connections.
POST http://loginsight:9000/API/v1/messages/ingest/4C4C4544-0037-5910-805A-C4C04F585831 Host: loginsight:9000 Connection: keep-alive Content-Type: application/json charset: utf-8 Content-Length: ?? {"messages": [{ "fields": [ {"name": "Channel", "content": "Security"}, {"name": "EventID", "content": "4688"}, {"name": "EventRecordID", "content": "33311266"}, {"name": "Keywords", "content": "Audit Success"}, {"name": "Level", "content": "Information"}, {"name": "OpCode","content": "Info"}, {"name": "ProcessID", "content": "4"}, {"name": "ProviderName", "content": "Microsoft-Windows-Security-Auditing"}, {"name": "Task", "content": "Process Creation"}, {"name": "ThreadID", "content": "64"} ], "text": "A new process has been created.", "timestamp": 1396622879241 } ] }