Start process Winlogbeat

mually · June 30, 2019, 6:22am

Hi,

I recently installed Winlogbeat 7.2.0 and Auditbeat 7.2.0.
The README.md file included with the application download contains the instruction below.
"
To get started with Winlogbeat, you need to set up Elasticsearch on
your localhost first. After that, start Winlogbeat with:

 ./winlogbeat -c winlogbeat.yml -e

"
When I run the command in PowerShell to start Winlogbeat, there is continuous output in the shell (example below).
Do I need to leave this running in order for Winlogbeat to report events to Elasticsearch?

2019-06-30T08:20:08.675+0200 INFO beater/eventlogger.go:76 EventLog[System] successfully published 20 events

Regards,
Mohammed

Juanma · June 30, 2019, 1:36pm

Hello @mually

You also can start it as a service as you can see in the following documentation link https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-starting.html

Winlogbeat should be running in order to report logs to elasticsearch. If you stop the process in charge of the collection of the logs the log ingestion will stop .

I hope this helps

mually · July 1, 2019, 7:25am

Hi Juan,

I assumed the running process will report logs to elasticsearch.
Thanks for confirming!

Regards,
Mohammed

system · July 22, 2019, 7:25am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.