Hello,
I have a problem to parse log from a windows sevrer 2012 with filebeat.
The logstash is in a ubuntu server. The stack work fine beacause log from other linux server arrived correctly.
I'm using ELK v6.
I think it's a problem with the ssl option on windows server because when i configure the ssl option into filebeat the filebeat service return an error when I try to launch it.
Coul'd someone help me ?
Thanks.
Can you please add filebeat configuration + logs?
Can you please post text instead of pictures?
The filebeat logs, so we can have a look for error messages. See log output docs.
Also, logstash beat input configuration.
Tip: use single quotes for paths on windows. Then you don't have to deal with escaping the \ symbol.
This is the inpuet beats conf on logstash :
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
And this is the logon windows sever:
Le service filebeat n’a pas pu démarrer en raison de l’erreur :
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.
I can't find anything in the configuration. Please post filebeat logs. My french is pretty rusty, but given the windows error message I assume you installed filebeat as a service, but the service doesn't even start correctly due to timeout on startup. Run filebeat via filebeat.exe -e -v -d '*' -c <path>\to\filebeat.yml in a terminal. This will run filebeat in foreground and print all logs (the -d flag enables debug logging) right to your terminal.
Thanks for the trick, I have found the error... A mistake in the name of cert...
But I have 0 log into my logstash from my windows.
How I can declare my windows log into filebeat.yml ?
Filebeat is about shipping files. For Windows Event Logs use winlogbeat. It's a special beat tailored for collecting event logs.
This article gives some good details on setting up the Elastic Stack for windows event logs: http://www.ubersec.com/2017/12/03/monitoring-for-windows-event-logs-and-the-untold-story-of-proper-elk-integration/
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
