Start process Winlogbeat

mually · June 30, 2019, 6:22am

Hi,

I recently installed Winlogbeat 7.2.0 and Auditbeat 7.2.0.
The README.md file included with the application download contains the instruction below.
"
To get started with Winlogbeat, you need to set up Elasticsearch on
your localhost first. After that, start Winlogbeat with:

 ./winlogbeat -c winlogbeat.yml -e

"
When I run the command in PowerShell to start Winlogbeat, there is continuous output in the shell (example below).
Do I need to leave this running in order for Winlogbeat to report events to Elasticsearch?

2019-06-30T08:20:08.675+0200 INFO beater/eventlogger.go:76 EventLog[System] successfully published 20 events

Regards,
Mohammed

Juanma · June 30, 2019, 1:36pm

Hello @mually

You also can start it as a service as you can see in the following documentation link https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-starting.html

Winlogbeat should be running in order to report logs to elasticsearch. If you stop the process in charge of the collection of the logs the log ingestion will stop .

I hope this helps

mually · July 1, 2019, 7:25am

Hi Juan,

I assumed the running process will report logs to elasticsearch.
Thanks for confirming!

Regards,
Mohammed

system · July 22, 2019, 7:25am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Help] Help about Winogbeat service failure Beats winlogbeat	1	200	February 29, 2024
Winlogbeat 8.13.0 dont start service Beats winlogbeat	9	421	May 27, 2024
Filtering Windows Events - Beats winlogbeat	6	3897	June 15, 2017
Winlogbeat can't start the service (Solved) Beats winlogbeat	5	13700	June 13, 2016
Forward Archived .evtx files Beats winlogbeat	6	28	October 24, 2024

Start process Winlogbeat

Related Topics