Logstash Under Windows Server - Questions

bluethundr · June 19, 2015, 3:20pm

Hi all,

I have a few questions about using logstash under Windows Server.

     How LogStash implemented on Windows servers?  As a windows service (application running in the background like a daemon)?  As a plug-in to the application code (SQL Server and/or IIS)?  Installed application?  Does it require a shared folder for custom logs?

     Can LogStash support/plug-in/read directly to the various built-in Windows event logs?

     Can LogStash utilize SCOM APIs to extract data directly from SCOM (Windows System Center Operations Manager)?

I'm very interested to know!

Thanks

warkolm · June 20, 2015, 1:27am

As an application, you can set it up as a service if you want.
Yep! https://www.elastic.co/guide/en/logstash/current/plugins-inputs-eventlog.html
Nope.

bluethundr · June 22, 2015, 3:38am

Thanks! But I still have these questions remaining:

Is logstash on windows a plug-in to the application code (SQL Server and/or IIS)?
Does LS require a shared folder for custom logs?

Thanks

warkolm · June 22, 2015, 4:20am

Logstash is a standalone application, not a plugin.
It doesn't require a shared folder, it can be any folder.

bluethundr · June 22, 2015, 4:22am

ok thanks!