Winlogbeat vs Filebeat

ManuelF · March 30, 2020, 1:46pm

Hi,

Filebeat and Winlogbeat seem to work similarly. Both beats seem to be able to process logs from Windows (in the case of Filebeats, it can also process logs from other OS). My questions would be:

1- Which beat is better to process Windows logs?
2- What advantages does one have over the other?
3- For some reason, would it be worth installing both beats to process Windows logs?

Thank you

warkolm · March 30, 2020, 9:46pm

Files on the file system = filebeat, windows events = winlogbeat
Filebeat is agnostic and can process any file. Winlogbeat will only pull logs from the event logger
Yep, depends on if it's a file or not (as per above)

ManuelF · March 31, 2020, 4:27pm

Thank you @warkolm. Your easy explanation clears the doubts I had. I'm going to test both beats and determine if I should use both or just one of them.

system · April 28, 2020, 4:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat vs Winlogbeat Beats filebeat	2	2980	March 30, 2020
Windows log forwarding using filebeat Beats filebeat	11	4951	March 1, 2017
Winlogbeat and Reading Log Files Beats winlogbeat	5	4325	April 12, 2016
Collecting log files in addition to Windows event logs Beats winlogbeat	3	1912	September 10, 2016
How to use Filebeats for collecting Windows events and Microsoft Exchange Logs Beats filebeat	2	1806	July 5, 2017

Winlogbeat vs Filebeat

Related topics