I'm trying to setup logstash on a server with no internet access to read windows event logs
I've followed the instructions here - https://www.elastic.co/guide/en/logstash/current/offline-plugins.html
- Installed logstash-input-eventlog on my desktop (with internet access)
- Run the command
bin\logstash-plugin prepare-offline-pack --output C:\Development\Stuff\ElasticStack\plugins\logstash-input-eventlog logstash-input-eventlog - Copied the file to the server
- Ran the command
bin\logstash-plugin install file://C:/ElasticStack/logstash-5.2.2/logstash-input-eventlog.zip
Output (with debug):
Local file: /ElasticStack/logstash-5.2.2/logstash-input-eventlog.zip
Installing with strategy: LogStash::PluginManager::PackInstaller::Local
LogStash::PluginManager::FileNotFoundError: Can't file local file /ElasticStack/logstash-5.2.2/logstash-input-eventlog.zip
execute at c:/ElasticStack/logstash-5.2.2/lib/pluginmanager/pack_installer/local.rb:23
execute at c:/ElasticStack/logstash-5.2.2/lib/pluginmanager/install.rb:32
run at c:/ElasticStack/logstash-5.2.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67
execute at c:/ElasticStack/logstash-5.2.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/subcommand/execution.rb:11
run at c:/ElasticStack/logstash-5.2.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67
run at c:/ElasticStack/logstash-5.2.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132
(root) at c:\ElasticStack\logstash-5.2.2\lib\pluginmanager\main.rb:46```
I've tried several formats for file path with no luck. The format used in the example above can be copied into windows explorer to successfully navigate into the zip file.
Any ideas?
Thanks
Fran