Hello,
I am using winlogbeat-1.1.2 on Windows. I got the following error from the yml file of winlogbeat:
2016/05/23 06:57:02.522652 beat.go:157: CRIT Setup returned an error: yaml: control characters are not allowed
My configuration file looks like this:
###############################################################################
############################# Winlogbeat ######################################
winlogbeat:
  # The registry file is where Winlogbeat persists its state so that the beat
  # can resume after shutdown or an outage. The default is .winlogbeat.yml
  # in the directory in which it was started.
  registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
  # List of event logs to monitor.
  #
  # Optionally, ignore_older may be specified to filter events that are older
  # than the specified amount of time. If omitted then no filtering will
  # occur. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
  event_logs:
    - name: Application
      ignore_older: 72h
    - name: Security
    - name: System
  # Diagnostic metrics that can be retrieved through a web interface if a
  # bindaddress value (host:port) is specified. The web address will be
  # http://<bindaddress>/debug/vars
  #metrics:
  #  bindaddress: 'localhost:8123'
###############################################################################
############################# Libbeat Config ##################################
# Base config file used by all other beats for using libbeat features
############################# Output ##########################################
# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output:
  ### Elasticsearch as output
  elasticsearch:
    # Array of hosts to connect to.
    # Scheme and port can be left out and will be set to the default (http and 9200)
    # In case you specify an additional path, the scheme is required: http://localhost:9200/path
    # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
    hosts: ["localhost:9292"]
    # Optional protocol and basic auth credentials.
    #protocol: "https"
    #username: "admin"
    #password: "s3cr3t"
    # Number of workers per Elasticsearch host.
    #worker: 1
    # Optional index name. The default is "winlogbeat" and generates
    # [winlogbeat-]YYYY.MM.DD keys.
    #index: "winlogbeat"
    # Optional HTTP Path
    #path: "/elasticsearch"
    # Proxy server url
    #proxy_url: http://proxy:3128
    # The number of times a particular Elasticsearch index operation is attempted. If
    # the indexing operation doesn't succeed after this many retries, the events are
    # dropped. The default is 3.
    #max_retries: 3
    # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
    # The default is 50.
    #bulk_max_size: 50
    # Configure http request timeout before failing a request to Elasticsearch.
    #timeout: 90
    # The number of seconds to wait for new events between two bulk API index requests.
    # If `bulk_max_size` is reached before this interval expires, additional bulk index
    # requests are made.
    #flush_interval: 1
    # Boolean that sets if the topology is kept in Elasticsearch. The default is
    # false. This option makes sense only for Packetbeat.
    #save_topology: false
    # The time to live in seconds for the topology information that is stored in
    # Elasticsearch. The default is 15 seconds.
    #topology_expire: 15
    # tls configuration. By default is off.
    #tls:
      # List of root certificates for HTTPS server verifications
      #certificate_authorities: ["/etc/pki/root/ca.pem"]
      # Certificate for TLS client authentication
      #certificate: "/etc/pki/client/cert.pem"
      # Client Certificate Key
      #certificate_key: "/etc/pki/client/cert.key"
      # Controls whether the client verifies server certificates and host name.
      # If insecure is set to true, all server host names and certificates will be
      # accepted. In this mode TLS based connections are susceptible to
      # man-in-the-middle attacks. Use only for testing.
      #insecure: true
      # Configure cipher suites to be used for TLS connections
      #cipher_suites: []
      # Configure curve types for ECDHE based cipher suites
      #curve_types: []
      # Configure minimum TLS version allowed for connection to logstash
      #min_version: 1.0
      # Configure maximum TLS version allowed for connection to logstash
      #max_version: 1.2
Any ideas?
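
One way to find what the parser is objecting to, as an added example that is not part of the original post and not Winlogbeat code: scan the raw bytes of the config for characters outside the printable set the YAML specification allows, and for bytes that are not valid UTF-8. The function names and the sample bytes are constructed for illustration; the actual cause in the poster's file is not visible in the pasted text.

```python
import sys

def is_yaml_printable(ch):
    """Printable character set from the YAML spec (c-printable)."""
    cp = ord(ch)
    return (cp in (0x09, 0x0A, 0x0D, 0x85)
            or 0x20 <= cp <= 0x7E
            or 0xA0 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD
            or 0x10000 <= cp <= 0x10FFFF)

def find_bad_chars(data):
    """Return (line, column, description) for each byte sequence YAML disallows."""
    findings = []
    # A UTF-8 byte order mark is legal at the very start of a YAML stream.
    if data.startswith(b"\xef\xbb\xbf"):
        data = data[3:]
    # surrogateescape maps each invalid byte 0xNN to U+DCNN instead of raising,
    # so a file saved in a legacy code page is reported rather than crashing the scan.
    text = data.decode("utf-8", errors="surrogateescape")
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            if 0xDC80 <= cp <= 0xDCFF:
                findings.append((lineno, col, "invalid UTF-8 byte 0x%02X" % (cp - 0xDC00)))
            elif not is_yaml_printable(ch):
                findings.append((lineno, col, "U+%04X" % cp))
    return findings

# Constructed sample: a NUL byte (typical of UTF-16 text read as UTF-8)
# and an ESC character embedded in otherwise valid config lines.
SAMPLE = (b"winlogbeat:\n"
          b"  event_logs:\n"
          b"    - name: Application\x00\n"
          b"  registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml\x1b\n")

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE
    for lineno, col, what in find_bad_chars(raw):
        print("line %d, column %d: %s" % (lineno, col, what))
```

Many NUL findings spread across every line usually mean the file was saved as UTF-16; re-saving it as UTF-8 removes them.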