How to send Windows Event Logs from other servers to ELKwin?

3 posts / 0 new
Last post
Anonymous
How to send Windows Event Logs from other servers to ELKwin?

Hello,

First of all, THANK YOU for ELKwin - it's just amazing and it was running within seconds.

I just need some time to learn about dashboards and visualizations, but I am already impressed about it.

At this point I can see the local event logs, but how is it possible to send logs from other Windows server to my ELKwin?

I have one server which has an eventlog subscription of all other servers - very cool would be to send all logs from this one server to Logstash.

Could you help me?

Thank you very much.

 

Best regards,

Bastian

itefix
Offline
Last seen: 19 hours 44 min ago
Joined: 01.05.2008 - 21:33
 

 

You can use Winlogbeat. Just follow instructions and specify your Elkwin host as receiver. You may need to arrange firewall openings for related ports.

toasti
Thank you, this is working

Thank you, this is working well!

But I have another problem.  If I add the beats plugin to the logstash.conf the service for logstash will be stopped and restarted again and again:

Please look at this link, it was not possible to put in all logs here: http://textuploader.com/da0s1

Syslog plugin is working well!

Do you have any idea how to solve that?

I want to use filebeat on another server to send logs.

 

Thank you!!