Loading remote configs

We are in the early stages of an installation of the ELK stack, and we are going to be using Winlogbeat as part of a SIEM platform that uses the ELK stack as the backbone.

We would very much like to not have to maintain 3,000+ various configuration files across servers and workstations. While I know that we can use SCCM to maintain the configuration files, several hundred to perhaps a thousand endpoints are not in constant communication with SCCM and thus wouldn't fit this model.

Has anyone had success with changing the path variable in the yml file to use an offsite or cloud-based file?

Cheers!

Hi Andrew, thanks for reaching out. While Beats central management is still in beta, it sounds very similar to what you're looking for.

https://www.elastic.co/guide/en/beats/filebeat/current/configuration-central-management.html

Let us know if you have questions.
