I have installed ELK on Ubuntu in VMware, and Windows 10 is my main OS. I want to send Sysmon logs from my Windows system to Logstash on Ubuntu through Winlogbeat. Please guide me step by step on how to do it.
A getting started guide for Winlogbeat can be found here: https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-getting-started.html
You need to use the Sysmon module of Winlogbeat: https://www.elastic.co/guide/en/beats/winlogbeat/master/winlogbeat-module-sysmon.html
Configure the Logstash output: https://www.elastic.co/guide/en/beats/winlogbeat/master/logstash-output.html
I've gone through all of them, yet I can't figure out what's the matter. I just need someone to guide me step by step and see where the issue is.
What is the issue? Can you share an error message?
It's solved. Thank you very much.
Actually, the problem wasn't in the configuration; the problem was that there wasn't a connection between the 2 operating systems. I could ping one OS from the other but not vice versa. Once I solved that, things started to run smoothly.