Hi - I'm new to ELK-Stack. I've managed to install & configure the ELK stack on an Ubuntu server (I'm a professional Linux sysadmin...) and to set up winlogbeat on a Windows client. I wonder if there is a way to send logs from Windows machines to my ELK-Server without using / installing the agents on Windows clients.
Thanks
Hello,
There are a few ways to send data from Windows machines to Elasticsearch:
- Use Winlogbeat
- Use Filebeat for text logs
- Use Nxlog to Logstash and to Elasticsearch
The easiest way is Winlogbeat / Filebeat. Is there any specific reason why you don't want to run these agents on the Windows machines?
Hi Pier
My company gives third-party security services, so the Windows machines are owned by my clients. I would like to avoid installing agents if it's possible; if there is no other option I'll use winlogbeat.
Thanks for the clarification @Roy_Binderman,
Sadly there is no out of the box solution, so winlogbeat would be the way to go!