Winlogbeat wont send logs

Forgive me, Ive been using Elk for less than a week. i am trying to get windows logs forwarded to Logstash, but cant seem to get them to go. I have seen a few different setups with SSL Certs and what not, are those required? I have only just configured the ELK stack so we dont have anything else in it at the moment. ITs likely that ive just missed a step or two in the configuration process. Any help would be appreciated. Thanks!

Kevin

If you follow the Winlogbeat getting started guide, you should get it working.

Certificates are optional, but it's highly recommended to setup encryption and authentication in production environments.

Are you sure you are connecting to the LS host? Are you sure your configuration file is correct? You can check both by running the following two commands:

winlogbeat.exe test config
winlogbeat.exe test output

If everything looks good, check the port in LS you are sending to. Are you getting a TCP connection or is the port even listening. I use

%netstat -an |grep "port number"

Good luck

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.