Collecting log files in addition to Windows event logs

Diggy · September 7, 2016, 3:04pm

Hi, all.

I'm tasked with trying to get certain application logs captured by ELK. I have Winlogbeat working on a test server, and it's forwarding Event Logs. Is there a way (as with Filebeat) to capture logs from, say, SQL Server, or some other application. We have a particular program that creates e.g. log1534.txt today, log1535.txt tomorrow, and log 1536.txt the following day. Note that, on occasion, two or more log files will be created during the same day. Can I forward those to ELK? Can I use Winlogbeat?

Thanks.

andrewkroh · September 7, 2016, 7:50pm

You can forward your log files using Filebeat. So you will have both Winlogbeat and Filebeat installed on your Windows server.

With Filebeat you can use a wildcard pattern or regex to match those filenames.

Diggy · September 7, 2016, 8:16pm

Thanks, Andrew. My bad for not having seen that Filebeat can be installed on Windows. I hate it when I do stuff like that. I'll give it a go, and post to the Filebeat forum if I have any further questions.

Again, thanks!

andrewkroh · September 10, 2016, 8:16pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.