Collecting logs from Windows server


I would like to get advice on gathering text logs on a Windows server.
I have a log stream that is implemented as below. The important part of the stream below is that all logs must also be collected on node2 as a log file(*). This log file will be used in an emergency case.

[] represents a single node.

[ devices ] ---> [ RSyslog ---> file(*) <--- filebeat1 ] ---> [ logstash ] ---> [ elasticsearch ]

I am now planning to collect text logs from a Windows server using Filebeat, so I want to add a 2nd stream as below.

[ devices ] ---> [ RSyslog ---> file(*) <--- filebeat1 ] ---> [ logstash ] ---> [ elasticsearch ]
[ filebeat2 ] --> xxx

However, the problem is that I cannot send logs from Filebeat to Rsyslog, since Filebeat does not support syslog output. Ideally, I do not want to change the order of the data stream, which would make things complicated, like sending events from filebeat2 to Logstash.

Are there any good ideas for how I can send logs from filebeat2 to node2?

I am not sure I follow your reasoning around why Filebeat on server1 and server2 cannot send data directly to Logstash. Can you please elaborate on why you need to include Redis at all? If you need Redis, why can Logstash not pull directly from it?


My explanation was ambiguous, sorry about that. I have amended my explanation. Would you please take a look at it?

Why not just send data from the filebeat2 instance directly to Logstash?

Because events will bypass node2. The log file will not be created on node2.
