Few beginner questions

avishni · January 25, 2016, 7:53am

hello
I have just started using elk and playing with it in a small lab. i gave a few question about using it and about architecture

if i want to collect event logs from multiple windows servers in my network, do i need to install logstash on every one of them ? is there a way to collect windows events remotely ?
i read that there are some plugins and addons to logstash ? where can i fins the list of the available plugins ?
i need to collect data that is currently stored in SQL tables, is there a way to collect data from ms sql ?
is there a way to use elk to handle snmp traps ? (including mib files to 'translate' the raw data )
any other tips for beginners (reading sources and links to get some basic knowledge ..)

thanks for your answers
avishni

magnusbaeck · January 25, 2016, 8:15am

Theoretically it should be possible but the eventlog input doesn't support it. For now I suspect you have to install something on every machine.
See https://www.elastic.co/guide/en/logstash/current/input-plugins.html and related pages with other types of plugins.
Yes, use the jdbc input.
Yes, use the snmptrap input.
Reading the Logstash documentation, playing around, and asking question here should take you far.

Topic		Replies	Views
Getting windows event log to elk server Logstash	2	3046	July 6, 2017
How to sent Windows Event Logs file to ELK? Logstash	2	300	May 21, 2018
How to integrate elk with log4.net and mssql Elasticsearch	5	5120	July 5, 2017
Join various WinLogBeat Windows Event Log events into one? Logstash	4	305	April 15, 2021
Getting started with Logstash JDBC Integration on Windows Logstash	4	388	May 11, 2023