Using Winlogbeat with Docker-Compose under Linux

SKiD · October 24, 2019, 3:00pm

Hello,

I'm currently trying to integrate Winlogbeat to my Docker-Compose-Stack, but I'm not really successful with it. The problem is, that I normally download the current Logstash or Filebeat version (referenced in my docker-compose.yml). I want to do the same with Winlogbeat, but as I saw on the docker.elastic.co website, there is no image for doing that. Also, as I was searching how to integrate Winlogbeat to my stack, I couldn't find any helpful topics. I want to use Winlogbeat on my Linux stack by referencing on local EVTX file archives. Is there currently a possibility to do so?

Thank you very much,
Danny.

andrewkroh · October 25, 2019, 1:30am

Winlogbeat depends on the APIs of Windows to read evtx files. So it will not be possible to use Winlogbeat on Linux for this.

SKiD · October 25, 2019, 10:11am

Hey andrewkroh,

thank you very much. I did not know that it is only available for Windows. Okay, I solved the problem by executing Winlogbeat on my Windows machine and passing the data via output to my ELK stack on my Linux machine via the right port.

Best regards,
Danny.

Topic		Replies	Views
Build Winlobeat deb file Beats winlogbeat	5	383	April 28, 2020
Winlogbeat: Logstash as forensic investigator Beats winlogbeat	3	1527	December 31, 2016
Winlogbeat as a docker sibling/sidecar container Beats docker , windows , winlogbeat	6	1510	March 5, 2020
Can't send winlogbeat data to logstash Logstash docker	3	1047	October 17, 2021
Winlogbeat Installation - Getting Started Beats winlogbeat	2	1227	April 12, 2016

Using Winlogbeat with Docker-Compose under Linux

Related topics