I am brand new to this software. I have been searching for information on how to correctly get Logstash to see logs from Snare, with no success. I currently have about 20 servers, half Linux and half Windows. All Linux machines are using Filebeat to send the logs to the Logstash server via port 9200 (I can see these logs in Kibana with no issue), and the Windows machines' logs are being sent to a dedicated Snare server. The Snare server is then sending the logs to the IP of the E.L.K server on port 9200 as well.
I have a Windows config file under /etc/logstash/conf.d/windows.conf with the following configuration.
type => 'Win32-EventLog'
logfile => 'Application'
I'm not sure if I'm going about this the right way. Any help would be appreciated.