How does the LogStash collect Windows Event Logs

mohanguttikonda · July 3, 2015, 7:17am

Hi,

How does the LogStash collect Windows Event Logs? is it directly reading the .evtx files using WMI or does it depend on any events to receive the windows event logs?

logstash.conf

input {
eventlog {
type => "eventlog"
}
}

I have gone through the link https://github.com/elastic/logstash/blob/v1.1.1/lib/logstash/inputs/eventlog.rb, it looks like the log files are read directly.

Please confirm if my understanding is correct, this is just for my reference.

Thanks & Regards,
Mohan G

Topic		Replies	Views
Windows event collection using Logstah Forwarder Logstash	2	1128	July 6, 2017
How to collect windows event logs using Logstash? Logstash	5	8155	July 17, 2017
Collecting Windows event log Logstash	8	2406	July 6, 2017
Parsing Windows Events Log using Logstash Logstash	1	264	August 13, 2019
How can ship logs to Logstash using Windows Events? Logstash	21	22087	July 6, 2017

How does the LogStash collect Windows Event Logs

Related topics