Please see the version info, date and links on any of my posting. If it's too old, don't follow the direction. Note however, that http://nssm.cc/ is still good utility to use.
It's easier for me to use Linux for development, but often times I find myself in the situation to run popular tools on Windows.
logstash is a popular tool for logs and event managing.
To install logstash on Windows, modify and save this configuration file. Below is just an example to be used with a local elasticsearch. Make sure it's in ANSI encoding, not UTF-8. I saved it as C:\opt\logstash-1.4.2\logstash.conf Please note that below configuration is just an example. Please read logstash documents:
input { stdin { } } output { elasticsearch { host => localhost } stdout { codec => rubydebug } }
For Windows event logs, use this:
input { eventlog { type => 'Win32-EventLog' logfile => 'System' } }
Run it:
C:\> cd \opt\logstash-1.4.2\ C:\opt\logstash-1.4.2>bin\logstash.bat agent -f logstash.conf
To make this as a Windows service, there are some utilities, mainly I found these are the easiest to use:
I like nssm's approach is more Windows-like and simpler. See NSSM usage page: http://nssm.cc/usage Run it by issuing this command: nssm install
GUI window will appear, and configure it as following:
Just configure Application and Environment tabs. Check services:
2 comments:
Thanks Kim for detailed steps.
I'm not able to collect Window event Logs probably doing something (very) wrong so kindly suggest me.
But it's working fine with IIS logs means IIS logs are nicely picked up by logstash, but I haven't been able to get the eventlog to work. I'm on Logstash & elasticsearch 1.4.2 on Windows 7
This is my logstash.conf; what am I missing?
input {
eventlog {
type => "Win32-EventLog"
logfile => "System"
}
}
output {
elasticsearch {
host => "localhost"
protocol => "http"
}
}
it does not work for me as well in win7. I got this error:
last error: cannot load Java class org.apache.http.client.utils.SSLConnectionSocketFactory>
It works in win10. Any clue?
Post a Comment