Elastic Stack Agentless Installation

Hello everyone!

Is there any way to monitor Windows machines without an agent/script on the target machine?
For example: a tool/script on Logstash to log in and read logs from the target machine via SSH etc., then process them in Logstash and send them to Elastic?

There is Winlogbeat to read Windows logs, though it is most likely limited for your case.

If you want to track processes, disk space, etc., and other logs, you can use PowerShell locally on the Windows machines and forward the data to LS or directly to the ES APIs as a JSON structure. PowerShell v5+ is quite powerful, especially via WMI and Get-CimInstance will help with legacy systems.

Another approach is to use PowerShell remoting; you have to set it up a little and make it secure, however it is possible to gather info from a single point. Again, you should format the data as JSON and write it via the ES APIs.

The last option is to use the exec plugin and run a PS script from LS, if you want to involve LS in this story.

Of course there is OpenTelemetry, which is agent-based.
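
The PowerShell remoting approach described in the reply above, as an added example that is not part of the original thread: one collector host pulls recent events from each Windows target over WinRM and writes them to the Elasticsearch _bulk API as JSON. The host names, index name, Elasticsearch URL, ES_API_KEY environment variable and the field layout are assumptions, as is a target configuration with a WinRM HTTPS listener and a collection account limited to the "Event Log Readers" and "Remote Management Users" groups.

```powershell
# Added example: agentless pull of Windows events over WinRM, pushed to Elasticsearch.
# Assumed (hypothetical) values: target names, index name, ES URL, ES_API_KEY variable.
$Targets = @('win-app01.example.internal', 'win-db01.example.internal')
$EsUrl   = 'https://es.example.internal:9200'
$Index   = 'winlog-agentless'
$Since   = (Get-Date).AddMinutes(-5)
# Least privilege: a read-only collection account, not a local or domain administrator.
$Cred    = Get-Credential -Message 'Read-only collection account'
$Headers = @{ Authorization = "ApiKey $($env:ES_API_KEY)" }  # base64 "id:api_key" value

# Runs on each target: critical, error and warning events since the last window.
$collect = {
    param($Since)
    Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Application'; Level = 1, 2, 3; StartTime = $Since } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, LogName, ProviderName, MachineName, Message
}

foreach ($t in $Targets) {
    try {
        # -UseSSL forces the WinRM HTTPS listener (5986), so the session is TLS-protected.
        $events = Invoke-Command -ComputerName $t -UseSSL -Credential $Cred -ScriptBlock $collect -ArgumentList $Since -ErrorAction Stop
    } catch {
        Write-Warning "Collection from $t failed: $($_.Exception.Message)"
        continue
    }
    if (-not $events) { continue }

    # Build the NDJSON body: one action line plus one document line per event.
    $sb = [System.Text.StringBuilder]::new()
    foreach ($e in $events) {
        $doc = [ordered]@{
            '@timestamp' = $e.TimeCreated.ToUniversalTime().ToString('o')
            host         = @{ name = $e.MachineName }
            event        = @{ code = $e.Id; provider = $e.ProviderName }
            log          = @{ level = $e.LevelDisplayName }
            winlog       = @{ channel = $e.LogName }
            message      = $e.Message
        }
        [void]$sb.Append('{"index":{}}' + "`n")
        [void]$sb.Append(($doc | ConvertTo-Json -Compress -Depth 3) + "`n")
    }
    $body = [System.Text.Encoding]::UTF8.GetBytes($sb.ToString())
    $resp = Invoke-RestMethod -Uri "$EsUrl/$Index/_bulk" -Method Post -Headers $Headers -ContentType 'application/x-ndjson' -Body $body
    if ($resp.errors) { Write-Warning "Bulk request for $t reported item errors" }
}
```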

This is exactly the use case for agents; they are more lightweight to run on the servers and forward the data to Logstash or Elasticsearch.

If you do not want to use any agent from Elastic, then you will need to build something else, but in summary, if you can send the data to Logstash or some place where Logstash can read it, like a Kafka cluster, then you can monitor.

Is there any known tool that I can deploy on Logstash to read logs on Windows machines?

There is none. Logstash is a standalone ETL tool; if you want to collect logs from Windows machines, you need to use a log collector on those machines instead of installing Logstash on each one of them.

You may use Filebeat to read log files and Winlogbeat to read Event Viewer logs.

If you do not want to use any agent, then you will need to build something to get the logs and send to Logstash.

Do I need to develop something new for this, or is there anything I can use?

Well, it depends on what you want to do.

If you want to collect logs from Windows servers, there are plenty of tools that will do it; Elastic has Filebeat and Winlogbeat.

If you do not want to use those tools or any other tool, then it is up to you how you will collect the logs.

It is not clear what your issue is here.

Actually, I don't want to install anything on Windows computers. I'm looking for some system that would be able to collect logs via pipelines with Windows credentials (if such a thing exists).
