Windows logstash input section for adding new input type


(sam) #1

Hello,

I have a few remote Windows machines forwarding OS events using the WEF feature to one central Windows machine, and I am trying to read that data through Logstash and forward it to my application. I see the error below when I try to add the new input type as 'ForwardedEvents'.

C:\logstash2.2.1\bin>logstash --configtest -f C:\logstash2.2.1\logstash\plugins\logstash\config\logstash-scala.conf
io/console not supported; tty will not be manipulated
Invalid setting for eventlog input plugin:

input {
eventlog {
# This setting must be a ["Application", "Security", "System"]
# Expected one of ["Application", "Security", "System"], got ["ForwardedEvents"]
logfile => "ForwardedEvents"
...
}
} {:level=>:error}
Error: Something is wrong with your configuration.

Here is my config file input section.

######################################################### {COPYRIGHT-END} ###
input {
	eventlog {
		type => 'Win32-EventLog'
		#logfile => 'System'
		logfile => 'Application'
	}

	eventlog {
		type => 'Win32-EventLog'
		logfile => 'Security'
	}

	eventlog {
		type => 'Win32-EventLog'
		logfile => 'System'
	}

	eventlog {
		type => 'Win32-EventLog'
		logfile => 'ForwardedEvents'
	}
}

I have identified that the forwarded events are going to be stored in a different file than the usual System, Application or Security files.

Any thoughts are greatly appreciated. Thanks.

Sam

