Start process Winlogbeat

mually · June 30, 2019, 6:22am

Hi,

I recently installed Winlogbeat 7.2.0 and Auditbeat 7.2.0.
The README.md file included with the application download contains the instruction below.
"
To get started with Winlogbeat, you need to set up Elasticsearch on
your localhost first. After that, start Winlogbeat with:

 ./winlogbeat -c winlogbeat.yml -e

"
When I run the command in PowerShell to start Winlogbeat, there is continuous output in the shell (example below).
Do I need to leave this running in order for Winlogbeat to report events to Elasticsearch?

2019-06-30T08:20:08.675+0200 INFO beater/eventlogger.go:76 EventLog[System] successfully published 20 events

Regards,
Mohammed

Juanma · June 30, 2019, 1:36pm

Hello @mually

You also can start it as a service as you can see in the following documentation link https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-starting.html

Winlogbeat should be running in order to report logs to elasticsearch. If you stop the process in charge of the collection of the logs the log ingestion will stop .

I hope this helps

mually · July 1, 2019, 7:25am

Hi Juan,

I assumed the running process will report logs to elasticsearch.
Thanks for confirming!

Regards,
Mohammed

Topic		Replies	Views
Correct way to Start and Stop Winlogbeat with Powershell Beats winlogbeat	6	4203	October 28, 2018
[Help] Help about Winogbeat service failure Beats winlogbeat	1	234	February 29, 2024
Winlogbeat service doesnot startup in Windows 10 Beats winlogbeat	2	821	December 11, 2017
Unable to get winlogbeat to send to logstash Beats winlogbeat	29	5994	May 25, 2017
Filebeat and Windows Eventlog Beats filebeat	7	3525	July 5, 2017

Start process Winlogbeat

Related topics