Logstash Under Windows Server - Questions


(Tim Dunphy) #1

Hi all,

I have a few questions about using logstash under Windows Server.

  •      How LogStash implemented on Windows servers?  As a windows service (application running in the background like a daemon)?  As a plug-in to the application code (SQL Server and/or IIS)?  Installed application?  Does it require a shared folder for custom logs? 
    
  •      Can LogStash support/plug-in/read directly to the various built-in Windows event logs?
    
  •      Can LogStash utilize SCOM APIs to extract data directly from SCOM (Windows System Center Operations Manager)?
    

I'm very interested to know!

Thanks


(Mark Walkom) #2
  1. As an application, you can set it up as a service if you want.
  2. Yep! https://www.elastic.co/guide/en/logstash/current/plugins-inputs-eventlog.html
  3. Nope.

(Tim Dunphy) #3

Thanks! But I still have these questions remaining:

  1. Is logstash on windows a plug-in to the application code (SQL Server and/or IIS)?
  2. Does LS require a shared folder for custom logs?

Thanks


(Mark Walkom) #4

Logstash is a standalone application, not a plugin.
It doesn't require a shared folder, it can be any folder.


(Tim Dunphy) #5

ok thanks!


(system) #6