Can we push Event logs from Windows server 2012 r2 to logststash which is installed on ubuntu using filebeat.
Server : Ubuntu 14.04
Client : Windows server 2012 r2
Filebeat ships (text) files only, but look into Winlogbeat.
Hi Magnusbaek,
Thaks for the prompt update.Will try with Winlogbeat and will get back If i get any errors.
Hi,
I am not able to start the service in windows server 2012 r2 ,Getting 1053 error.Can you suggest me the correct settings that need to be done in the YAML. And also can you suggest me the logstash setting (fileter settings) that need to be done in the ubuntu server 14.04.
Checkout the documentation for getting started with Winlogbeat. Please make sure you run the step that says, "After you save your configuration file, test it with the following command."
For Logstash usage with Beats, see https://www.elastic.co/guide/en/beats/winlogbeat/master/config-winlogbeat-logstash.html and https://www.elastic.co/guide/en/beats/libbeat/master/logstash-installation.html#logstash-setup.
(You didn't mention a version, so be advised the links above are for Winlogbeat 5.X. You can choose documentation version using the drop-down on the right hand side of the pages).
I am able to push my event logs to logstash by using winlogbeat.
Is this winlogbeat can be used to ship the text files like iis logs or is it only for shipping the event logs?.
Can you suggest one beat which will ship all the logs like: event log,text files etc.
Winlogbeat is for shipping Windows event logs. Filebeat is for shipping log files. You can run them both as Windows services side by side. Neither uses a lot of resources.
Is there any beat that can be used to ship iis log and event log instead of usign these both winlog beat and filebeat. if any please suggest.
No, there is no Beats program that carries out both tasks.
This topic was automatically closed after 21 days. New replies are no longer allowed.