Hi Team,
How do I get the logs from a cloud Windows server to a VMware Ubuntu 14 ELK server?
It's on a very urgent basis.
Hi Andrew,
Thanks for your reply. I configured it on the cloud instance Windows 2008 R2 server (client), but the server is on a VMware PC (ELK server).
Please find below the error from the Windows client in the cloud:
2017-04-18T11:21:33+01:00 DBG Disable stderr logging
2017-04-18T11:21:33+01:00 INFO Home path: [C:\Program Files\Winlogbeat] Config path: [C:\Program Files\Winlogbeat] Data path: [C:\ProgramData\winlogbeat] Logs path: [C:\Program Files\Winlogbeat\logs]
2017-04-18T11:21:33+01:00 INFO Setup Beat: winlogbeat; Version: 5.0.2
2017-04-18T11:21:33+01:00 DBG Processors:
2017-04-18T11:21:33+01:00 DBG Initializing output plugins
2017-04-18T11:21:33+01:00 INFO Max Retries set to: 3
2017-04-18T11:21:33+01:00 INFO Activated logstash as output plugin.
2017-04-18T11:21:33+01:00 DBG Create output worker
2017-04-18T11:21:33+01:00 DBG No output is defined to store the topology. The server fields might not be filled.
2017-04-18T11:21:33+01:00 INFO Publisher name: HBWEB03
2017-04-18T11:21:33+01:00 INFO Flush Interval set to: 1s
2017-04-18T11:21:33+01:00 INFO Max Bulk Size set to: 1024
2017-04-18T11:21:33+01:00 DBG create bulk processing worker (interval=1s, bulk size=1024)
2017-04-18T11:21:33+01:00 INFO State will be read from and persisted to C:\ProgramData\winlogbeat.winlogbeat.yml
2017-04-18T11:21:33+01:00 DBG Using highest priority API, wineventlog, for event log Security
2017-04-18T11:21:33+01:00 DBG Initialized EventLog[Security]
2017-04-18T11:21:33+01:00 DBG Using highest priority API, wineventlog, for event log Application
2017-04-18T11:21:33+01:00 DBG Initialized EventLog[Application]
2017-04-18T11:21:33+01:00 DBG Using highest priority API, wineventlog, for event log Security
2017-04-18T11:21:33+01:00 DBG Initialized EventLog[Security]
2017-04-18T11:21:33+01:00 INFO winlogbeat start running.
2017-04-18T11:21:33+01:00 DBG Windows is interactive: false
2017-04-18T11:21:33+01:00 DBG WinEventLog[Security] using subscription query=
*[System[TimeCreated[timediff(@SystemTime) <= 7200000]]]
2017-04-18T15:14:33+01:00 DBG EventLog[Security] Read() returned 0 records
2017-04-18T15:14:33+01:00 INFO No non-zero metrics in the last 30s
2017-04-18T15:14:34+01:00 ERR Connecting error publishing events (retrying): dial tcp 192.168.6.103:5044: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2017-04-18T15:14:34+01:00 DBG send fail
Regards,
Balasubramaniam
There is a connection failure to your Logstash server. Check that the server is running. Can you ping the IP from the Windows host? Can you telnet to port 5044 on the LS server from the Windows host?
Hi Andrew,
I am new to cloud instances and am getting confused. Is there any other way for the cloud Windows server to communicate with the VMware Ubuntu server?
My Winlogbeat config file on the Windows client is below:
winlogbeat.event_logs:
  - name: Security
    ignore_older: 2h
    event_id: 4727, 4731, 4754, 4726
  - name: Application
    ignore_older: 2h
  - name: Security
    ignore_older: 2h
output.logstash:
  hosts: ["192.168.6.103:5044"]
  bulk_max_size: 1024
  index: winlogbeat
  tls:
    certificate_authorities: ['C:/ProgramData/winlogbeat/logstash-forwarder.crt']
logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: debug
Regards,
Balasubramaniam
The two machines must have IP connectivity in order for Winlogbeat to push messages to Logstash. 192.168.6.103 is an internal IP address. Are the two hosts running on the same network? Does the LS server have a public IP address that you need to be using instead?
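The two checks suggested in the replies above (can the Windows host open a TCP connection to port 5044, and is the configured address an internal one) can be run from the Windows client with the following PowerShell. This is an added example, not part of the original thread or of Winlogbeat; the function names Test-PrivateIPv4 and Test-TcpPort are hypothetical, and it uses only .NET classes so it does not depend on newer cmdlets.

```powershell
# Added example: function names are hypothetical, not part of Winlogbeat.

# True when the address is in an RFC 1918 private IPv4 range.
function Test-PrivateIPv4 {
    param([string]$Address)
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$parsed)) { return $false }
    $b = $parsed.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    return (($b[0] -eq 10) -or
            ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
            ($b[0] -eq 192 -and $b[1] -eq 168))
}

# Attempts a TCP connection with a timeout and reports how it ended.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'timeout'   # no answer at all: routing, NAT or firewall
        }
        $client.EndConnect($pending)
        return 'open'          # something is listening on the port
    } catch {
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            # ConnectionRefused: host reachable, nothing listening on the port.
            # TimedOut / HostUnreachable / NetworkUnreachable: no path to the host.
            return [string]$base.SocketErrorCode
        }
        return $base.Message
    } finally {
        $client.Close()
    }
}

$target = '192.168.6.103:5044'   # hosts entry from the posted Winlogbeat config
$address, $port = $target -split ':'
$result = Test-TcpPort -HostName $address -Port ([int]$port)
Write-Output "TCP connect to ${target}: $result"
if ($result -ne 'open' -and (Test-PrivateIPv4 $address)) {
    Write-Output "$address is an RFC 1918 private address, reachable only from the same network, over a VPN, or via a forwarded public address."
}
```

A result of ConnectionRefused means the Logstash host is reachable but nothing is listening on 5044, while timeout or TimedOut matches the connectex error in the log above and points at routing or firewalling rather than Logstash itself.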