Few beginner questions

Elastic Stack Logstash
1

hello
I have just started using elk and playing with it in a small lab. i gave a few question about using it and about architecture

  1. if i want to collect event logs from multiple windows servers in my network, do i need to install logstash on every one of them ? is there a way to collect windows events remotely ?

  2. i read that there are some plugins and addons to logstash ? where can i fins the list of the available plugins ?

  3. i need to collect data that is currently stored in SQL tables, is there a way to collect data from ms sql ?

  4. is there a way to use elk to handle snmp traps ? (including mib files to 'translate' the raw data )

  5. any other tips for beginners (reading sources and links to get some basic knowledge ..)

thanks for your answers
avishni

2
  1. Theoretically it should be possible but the eventlog input doesn't support it. For now I suspect you have to install something on every machine.
  2. See https://www.elastic.co/guide/en/logstash/current/input-plugins.html and related pages with other types of plugins.
  3. Yes, use the jdbc input.
  4. Yes, use the snmptrap input.
  5. Reading the Logstash documentation, playing around, and asking question here should take you far.
1 Like