EventLog input/plugin only supports Application, System and Security.... why?!?!?

Luis_Pereira · May 3, 2016, 8:51pm

Hi,

I've got a custom Windows Event log file, but when I specify this logfile name, logstash stash complains with the following error message... any knows why its restrictive to 3 known logfiles?

←[31mInvalid setting for eventlog input plugin:

input {
eventlog {
# This setting must be a ["Application", "Security", "System"]
# Expected one of ["Application", "Security", "System"], got ["Application
", "CustomLogfileName"]
logfile => ["Application", "CustomLogfileName"]
...
}
} {:level=>:error}←[0m
←[31mfetched an invalid config {:config=>"input {\n eventlog {\n type => "
Win32-EventLog"\n logfile => ["Application", "CustomLogfileName"]\n }\n}\n\nout
put {\n stdout { codec => rubydebug }\n}\n\n\n", :reason=>"Something is wrong
with your configuration.", :level=>:error}←[0m
The signal HUP is in use by the JVM and will not work correctly on this platform

warkolm · May 3, 2016, 11:02pm

Why not use winlogbeat instead? https://www.elastic.co/guide/en/beats/winlogbeat/current/index.html

Luis_Pereira · May 4, 2016, 9:05am

Sure I don't mind... but I guess what I was trying to find out is why it doesn't allow other logfiles to be used as opposed to using winlogbeat. I've seen winlogbeat already, but was just wondering why logstash had that restrictions.

warkolm · May 4, 2016, 9:36am

No idea sorry, PRs welcome though

Topic		Replies	Views
Logstash Input Eventlog Logstash	6	1399	December 16, 2016
How to collect windows event logs using Logstash? Logstash	5	8155	July 17, 2017
Eventlog input ,errors out Logstash	5	459	May 10, 2017
Custom Application Eventlog not picked up by winlogbeat Beats winlogbeat	9	2356	March 5, 2018
Unable to install "logstash-input-eventlog" plugin (windows event viewer logs) Logstash	8	1075	November 1, 2017

EventLog input/plugin only supports Application, System and Security.... why?!?!?

Related topics