Configuring Winlogbeat

Reading Time: < 1 minute

1 . Once the program is installed, we need to edit its configuration file called “winlogbeat.yml” and make some changes to make it work with BLËSK. To do this, you edit the Winlogbeat configuration file to disable the Elasticsearch output by commenting it out and enable the Logstash output by uncommenting the logstash section.

The hosts option specifies the BLËSK server IP and the port (5044) where BLËSK is configured to listen for incoming log  connections. In our example, the IP of BLËSK is 1.2.3.4 and we send logs on port 5044.

2 . After you save your configuration file, test it with the following command.

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe -c .\winlogbeat.yml -configtest -e

wpadmin
Author: wpadmin

You may also like

Installing Winlogbeat

Installing Winlogbeat

Reading Time: < 1 minute 1 . Download the Winlogbeat zip file from the downloads page. 2 . Extract the contents into C:\Program Files. 3 . Rename […]

Starting Winlogbeat

Starting Winlogbeat

Reading Time: < 1 minute 1 . Start the Winlogbeat service with the following command: PS C:\Program Files\Winlogbeat> Start-Service winlogbeat Winlogbeat should now be running. If you […]

Introduction

Introduction

Reading Time: < 1 minute Revision 1.0.1 – (11-01-2017)   Winlogbeat ships Windows event logs to a syslog server such as BLËSK. You can install it as […]