Collecting log files in addition to Windows event logs

Diggy · September 7, 2016, 3:04pm

Hi, all.

I'm tasked with trying to get certain application logs captured by ELK. I have Winlogbeat working on a test server, and it's forwarding Event Logs. Is there a way (as with Filebeat) to capture logs from, say, SQL Server, or some other application. We have a particular program that creates e.g. log1534.txt today, log1535.txt tomorrow, and log 1536.txt the following day. Note that, on occasion, two or more log files will be created during the same day. Can I forward those to ELK? Can I use Winlogbeat?

Thanks.

andrewkroh · September 7, 2016, 7:50pm

You can forward your log files using Filebeat. So you will have both Winlogbeat and Filebeat installed on your Windows server.

With Filebeat you can use a wildcard pattern or regex to match those filenames.

Diggy · September 7, 2016, 8:16pm

Thanks, Andrew. My bad for not having seen that Filebeat can be installed on Windows. I hate it when I do stuff like that. I'll give it a go, and post to the Filebeat forum if I have any further questions.

Again, thanks!

andrewkroh · September 10, 2016, 8:16pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Windows log forwarding using filebeat Beats filebeat	11	4949	March 1, 2017
Filebeat and Windows Eventlog Beats filebeat	7	3423	July 5, 2017
Winlogbeat and Reading Log Files Beats winlogbeat	5	4325	April 12, 2016
How to get logs of company in one system? Beats winlogbeat	5	474	April 30, 2019
Collecting Windows Logs from NAS/CIFS Sever Beats winlogbeat	7	2394	July 5, 2017

Collecting log files in addition to Windows event logs

Related topics