I'm new to WinLogBeat and trying to set it up on my work machine, and of course, due to lack of Admin privileges, I'm not able to start WinLogBeat as a service as mentioned in the setup docs. I have a couple of questions on how WinLogBeat works; I tried searching Google but couldn't find an answer.
Why does every tutorial on the internet suggest copying the WinLogBeat dir into C:\Program Files? Won't it work if it is outside of the C drive?
Why do we need to start this as a service? I was able to work with FileBeat without having such issues.
How does WinLogBeat know where to look for Windows service details?
Does it just listen to Windows events and keep sending the events to the output as per the config mentioned in winlogbeat.yml?
Tutorials suggest C:\Programs because that's where most programs run and they like to keep things organized. It will run outside of that.
You don't have to run it as a service, but doing so will enable it to survive and come back up automatically after a reboot or power cycle.
Not quite sure what you are asking with the last question, but the .yml file tells it what to send. Also, FYI, make sure you put "ignore_older: 24h" after every log. Your screenshot will ignore that for the application log. The security and system logs will send ALL logs every time that restarts, duplicating lots of data.
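For reference, here is the winlogbeat.yml shape the answer above is describing: an added example, not the poster's own config or screenshot. The first event_logs block reproduces the problem (ignore_older only on Application, so Security and System are re-read from the beginning on every restart); the second applies ignore_older to every channel. The output host is a placeholder.

```yaml
# Added example: the per-log ignore_older setting the answer above refers to.

# --- Problematic: ignore_older set only on Application ---
# Security and System have no limit, so after each restart without a
# saved registry file the whole channel history is shipped again.
# winlogbeat.event_logs:
#   - name: Application
#     ignore_older: 24h
#   - name: Security
#   - name: System

# --- Corrected: ignore_older after every log ---
winlogbeat.event_logs:
  - name: Application
    ignore_older: 24h
  - name: Security
    ignore_older: 24h
  - name: System
    ignore_older: 24h

# Output target from the question's setup (host is a placeholder).
output.elasticsearch:
  hosts: ["ES_HOST_PLACEHOLDER:9200"]
```

When run in the foreground rather than as a service, the registry file Winlogbeat writes in its data directory is what lets it resume where it left off; ignore_older bounds how far back it reads when that file is missing.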