Few beginner questions

avishni · January 25, 2016, 7:53am

hello
I have just started using elk and playing with it in a small lab. i gave a few question about using it and about architecture

if i want to collect event logs from multiple windows servers in my network, do i need to install logstash on every one of them ? is there a way to collect windows events remotely ?
i read that there are some plugins and addons to logstash ? where can i fins the list of the available plugins ?
i need to collect data that is currently stored in SQL tables, is there a way to collect data from ms sql ?
is there a way to use elk to handle snmp traps ? (including mib files to 'translate' the raw data )
any other tips for beginners (reading sources and links to get some basic knowledge ..)

thanks for your answers
avishni

magnusbaeck · January 25, 2016, 8:15am

Theoretically it should be possible but the eventlog input doesn't support it. For now I suspect you have to install something on every machine.
See https://www.elastic.co/guide/en/logstash/current/input-plugins.html and related pages with other types of plugins.
Yes, use the jdbc input.
Yes, use the snmptrap input.
Reading the Logstash documentation, playing around, and asking question here should take you far.

Topic		Replies	Views
Remote server windows event logs Logstash	3	703	July 6, 2017
How can ship logs to Logstash using Windows Events? Logstash	21	22085	July 6, 2017
Getting windows event log to elk server Logstash	2	3047	July 6, 2017
Logstash Under Windows Server - Questions Logstash	5	1726	July 6, 2017
How to integrate elk with log4.net and mssql Elasticsearch	5	5129	July 5, 2017