hi everyone
I am kind of new to ELK.
I am using filebeat to send huge numbers of logs from log servers to logstash machines.
I need to know as to how to forward windows audit logs, event logs IIS logs to the server?
What changes should be made to the config file of filebeat?
For Windows event logs use Winlogbeat, not Filebeat.
thanks magnus for replying quickly
but the problem is that i cant use winlogbeat as i am supposed to be using filebeat.
is it possible to forward the windows logs using filebeat??
but the problem is that i cant use winlogbeat as i am supposed to be using filebeat.
Filebeat is the wrong tool for Windows event logs as they are binary files.
is it possible to forward the windows logs using filebeat??
No.
thanks
so Will I be able to forward IIS logs using Winlogbeat?
Aren't they plain text? If so you should use Filebeat.
thanks
Winlogbeat any tutorial available?
Is https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-getting-started.html unclear or insufficient?
Configuration-wise Winlogbeat is very similar to Filebeat.
i guess there wont be an issue to run both filebeat and winlogbeat in the same machine?
No, of course not.
thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.