Filebeat and Windows Eventlog

Yes, I have to admit: we also have Windows machines! :slight_smile:
Is the new Filebeat 1.0.0 release ready for the Windows Eventlog?
If not, what would be the best way to capture the Eventlog? Logstash-forwarder?
I cannot find logstash-forwarder on the Elasticsearch site anymore.
Ciao

Admitting is the first step :slight_smile:

The good news is that @andrewkroh is actively working on it, and it's going to be its own Beat: https://github.com/elastic/beats/winlogbeat

We plan to release it with our next Beats version (1.1). If you are reeeally adventurous, we cannot stop you from trying it already, but we don't yet have nightly builds for it, so you'd have to compile it yourself.

Could you please share the installation steps for Winlogbeat? Does it support Windows 2008 R2 Server?

Hi, please share the steps for how to work with this.
I am new to ELK.

As @tudor mentioned, you need to compile this yourself. It's built in Go, so any tutorial on how to compile that will help you.

We have a getting started guide for Winlogbeat in the GitHub repo (as well as other documentation). None of the documentation will go live on elastic.co until the software is released.

The software package can be downloaded from our nightly build site.

I created a Winlogbeat category under Beats for any related questions.

I hope Winlogbeat can support Chinese Windows Server.