Agent less deployment

Adriann · June 18, 2020, 8:17am

Hello,

I need to deploy agent less deployment version of ELK stack on a basic license.
Basically we want to use IT as a log collector and availability monitoring for Windows/Centos/RedHat servers as well as gather information such as CPU, MEM, DISK usage. Also, we want to monitor network devices. Mostly just availability.

I know that logstash has WMI and SNMP capabilities. I have a few questions about this approach.

1.) Is there documented anywhere this kind of approach?
2.) How should I gather used resource information for Windows and Linux?
3.) Would It be very costly to gather information via logstash send it to filebeat module to parse the information then send it back to logstash to drop all not parse the message and finally send it to elasticsearch(all on the same machine)?

Adriann · June 21, 2020, 11:38am

Please, help with a solution.

NerdSec · June 21, 2020, 2:27pm

Hi Adrian,

You could leverage the OS functionalities to forward data, collect it centrally on a few servers and then use FileBeat or Logstash to consume it.

Have a look at Windows Event Forwarding for windows and Syslog for linux. Then maybe use either Beats to parse using ECS or write something on Logstash yourself! Parsing this is already well documented in Logstash, and so is it for Beats.

system · July 19, 2020, 2:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What is Elastic agent? Elastic Agent	7	597	November 24, 2022
Working with logstash with agentless Logstash	3	1267	December 3, 2017
Send logs from Windows without agent / winlogbeat / filebeat Beats winlogbeat	4	1763	March 21, 2018
Elastic Stack Agentless Installation Logstash	8	423	March 26, 2024
Removed logstash from ELK, now ELK's broken Elasticsearch	3	870	July 5, 2017

Agent less deployment

Related topics