Agentless deployment

Hello,

I need to deploy an agentless deployment version of the ELK stack on a basic license.
Basically, we want to use it as a log collector and for availability monitoring of Windows/CentOS/Red Hat servers, as well as to gather information such as CPU, MEM and DISK usage. We also want to monitor network devices, mostly just availability.

I know that Logstash has WMI and SNMP capabilities. I have a few questions about this approach.

1.) Is this kind of approach documented anywhere?
2.) How should I gather used resource information for Windows and Linux?
3.) Would it be very costly to gather information via Logstash, send it to a Filebeat module to parse the information, then send it back to Logstash to drop all messages that were not parsed, and finally send it to Elasticsearch (all on the same machine)?

Please help with a solution.

Hi Adrian,

You could leverage the OS functionalities to forward data, collect it centrally on a few servers and then use Filebeat or Logstash to consume it.

Have a look at Windows Event Forwarding for Windows and Syslog for Linux. Then maybe use either Beats to parse using ECS or write something in Logstash yourself! Parsing this is already well documented in Logstash, and so it is for Beats.
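
The syslog half of this suggestion, as an added example that is not part of either post and is not Elastic's own configuration: a single Logstash pipeline on the central collector that receives forwarded syslog, drops lines the input could not parse, and indexes the rest, without a round trip through Filebeat. The port 5514, the hostname `collector.example.internal`, the index name and the Elasticsearch URL are assumptions.

```logstash
# Added example (assumed values: port 5514, collector.example.internal,
# index name, Elasticsearch on localhost).
#
# On each Linux host, rsyslog forwards everything over TCP with one line in
# /etc/rsyslog.d/ such as:
#   *.* @@collector.example.internal:5514

input {
  # The syslog input listens on TCP and UDP and parses RFC 3164 lines into
  # fields (timestamp, host, program, facility, severity, message).
  syslog {
    port => 5514   # unprivileged port, so Logstash does not need root
  }
}

filter {
  # The syslog input adds this tag when a line does not match RFC 3164.
  # Dropping here replaces the Logstash -> Filebeat -> Logstash round trip.
  if "_grokparsefailure_sysloginput" in [tags] {
    drop { }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "syslog-%{+YYYY.MM.dd}"
  }
}
```

Restrict the listening port to the monitored hosts with a host firewall on the collector, since plain syslog carries no authentication.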
