Hello,
I'm installing winlogbeat on a windows server 2019 machine.
I'm fairly certain the config files are ok as the following commands output a positive response. (Also my file/audit/metrics run fine on Linux)
.\winlogbeat.exe test config -c .\winlogbeat.yml
Config OK
.\winlogbeat.exe test output -c .\winlogbeat.yml
All - OK
Is there any way to identify further information on the error below?
There's nothing in the winlogbeat logs, event viewer or powershell
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
Start-Service : Service 'winlogbeat (winlogbeat)' cannot be started due to the following error: Cannot start service winlogbeat on computer '.'.
At line:1 char:1
+ Start-Service <<<< winlogbeat
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
ServiceCommandException
+ FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand
Please assist if possible.
Below is the YAML extract. The only edits I made are below. I may be missing something.
…
setup.kibana:
host: "https://x.x.x.x:5601"
ssl.enabled: true
ssl.certificate_authorities: ["C:\\Program Files\\Winlogbeat\\x-ca.pem"]
ssl.certificate: "C:\\Program Files\\Winlogbeat\\x.pem"
ssl.key: "C:\\Program Files\\Winlogbeat\\x.key"
ssl.verification_mode: "strict"
…
output.elasticsearch:
hosts: ["https://x.x.x.x:9200"]
ssl.enabled: true
ssl.certificate_authorities: ["C:\\Program Files\\Winlogbeat\\x-ca.pem"]
ssl.certificate: "C:\\Program Files\\Winlogbeat\\x.pem"
ssl.key: "C:\\Program Files\\Winlogbeat\\x.key"
protocol: "https"
username: "elastic"
password: "${xx}"
keystore.path: "${path.config}/data/winlogbeat.keystore"