Hello,
I have a few remote windows machines forwarding OS events using the WEF feature to one central windows machine and I am trying to read that data through Logstash and forward it to my application. I see below error when I try to add the new input type as 'ForwardedEvents'.
C:\logstash2.2.1\bin>logstash --configtest -f C:\logstash2.2.1\logstash\plugins\logstash\config\logstash-scala.conf
io/console not supported; tty will not be manipulated
e[31mInvalid setting for eventlog input plugin:
input {
eventlog {
# This setting must be a ["Application", "Security", "System"]
# Expected one of ["Application", "Security", "System"], got ["ForwardedEvents"]
logfile => "ForwardedEvents"
...
}
} {:level=>:error}e[0m
Error: Something is wrong with your configuration.
Here is my confg file input section.
######################################################### {COPYRIGHT-END} ###
input {
eventlog {
type => 'Win32-EventLog'
#logfile => 'System'
logfile => 'Application'
}
eventlog {
type => 'Win32-EventLog'
logfile => 'Security'
}
eventlog {
type => 'Win32-EventLog'
logfile => 'System'
}
eventlog {
type => 'Win32-EventLog'
logfile => 'ForwardedEvents'
}
}
I have identified the forwarded events are going to be stored in a different file than the the usual System,Application or Security files.
Any thoughts are greatly appreciated. Thanks.
Sam