Windows Event Log connector with Logstash

RemyB · February 14, 2024, 12:59pm

Hello all,

I would like to thank you in advance for your time reading my following issue :
In order to install the windows integrations (Windows Event Logs/Windows) and benefit from the provided visualisations and the rules from Elastic Security, I'm trying to setup the integration by modifying the winlogbeat.yml in the Winlogbeat install directory by adding :

output.elasticsearch:
hosts: ["<es_url>"]
username: "elastic"
password: ""
setup.kibana:
host: "<kibana_url>"

However, we use Logstash between the winlogbeat (installed on WEF) and Elasticsearch and I could not figure out which setup to implement making the log appearing in the stream and from the connector.

Does the setup need to be the same when Logstash is used ? Is it going to duplicate the events by adding output.elasticsearch in the winlogbeat config ?

Thank you in advance for your help on this and sorry if the subject has been treated yet in the portal.

Regards,

Remy

leandrojmp · February 14, 2024, 1:07pm

All beats only support one output, so if you need Logstash between your beat and Elasticsearch, then you need to configure the Logstash output.

Check this documentation with the steps to configure the Logstash output.

system · March 13, 2024, 1:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure Winlogbeat to use Logstash and setup kibana dashboards at once Beats winlogbeat	6	27	September 11, 2024
How can I parse Windows Logs? Elasticsearch	7	6501	June 2, 2018
Winlogbeat to Logstash = Config file help required Logstash	1	422	October 15, 2018
Logstash Pipeline not eligible for data streams Logstash	2	186	May 14, 2024
Getting winlogbeat to speak to SecurityOnion Beats winlogbeat	3	5191	March 26, 2019

Windows Event Log connector with Logstash

Related Topics