Is it possible to set up one windows event forwarder with 2 outputs?
I have our production WEF running great but in addition to this I want to use the same WEF to set up a test box for @Cyb3rWard0g 's @THE_HELK and send the data out to it as well. Is this possible? I'd like to see the same production data going into both?
In other words, I want to use one WEF and push the data to 2 totally separate instances -
regular ELKstack and @Cyb3rWard0g 's @THE_HELK.
Thanks!
Beats don't support multiple outputs, but if you are sending events from winlogbeat to logstash then you can add an additional output to logstash that sends the events to your HELK in addition to elasticsearch.
Genius, that's why I come here! Thanks Jaime.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.