Start process Winlogbeat

mually · June 30, 2019, 6:22am

Hi,

I recently installed Winlogbeat 7.2.0 and Auditbeat 7.2.0.
The README.md file included with the application download contains the instruction below.
"
To get started with Winlogbeat, you need to set up Elasticsearch on
your localhost first. After that, start Winlogbeat with:

 ./winlogbeat -c winlogbeat.yml -e

"
When I run the command in PowerShell to start Winlogbeat, there is continuous output in the shell (example below).
Do I need to leave this running in order for Winlogbeat to report events to Elasticsearch?

2019-06-30T08:20:08.675+0200 INFO beater/eventlogger.go:76 EventLog[System] successfully published 20 events

Regards,
Mohammed

Juanma · June 30, 2019, 1:36pm

Hello @mually

You also can start it as a service as you can see in the following documentation link https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-starting.html

Winlogbeat should be running in order to report logs to elasticsearch. If you stop the process in charge of the collection of the logs the log ingestion will stop .

I hope this helps

mually · July 1, 2019, 7:25am

Hi Juan,

I assumed the running process will report logs to elasticsearch.
Thanks for confirming!

Regards,
Mohammed

system · July 22, 2019, 7:25am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correct way to Start and Stop Winlogbeat with Powershell Beats winlogbeat	6	3728	October 28, 2018
[Help] Help about Winogbeat service failure Beats winlogbeat	1	202	February 29, 2024
Winlogbeat - Cannot start Beats winlogbeat	4	2396	November 5, 2019
SIEM, Winlogbeat and Windows Auditing Beats winlogbeat	2	485	July 11, 2020
Winlogbeat - PowerShell arguments Beats winlogbeat	1	356	July 29, 2019

Start process Winlogbeat

Related topics