Probably someone can help me with Winlogbeat.
I use the Graylog integration in LibreNMS (an SNMP monitoring tool). It fetches logs via the Graylog API and matches fetched logs with the source field of Graylog/Elasticsearch.
Winlogbeat populates the source field with its hostname (short, not FQDN) and in my LibreNMS monitoring the names are FQDN, so NO MATCH.
I tried various options in my Winlogbeat config like fields.source: {host.name} but they always get me the short hostname.
Is it possible to use ENV variables of the Windows host like: %COMPUTERNAME%.%USERDNSDOMAIN% > server01.domain.local?
Many thanks and best regards, Flo.
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
fields.source: ${sidecar.nodeName}
output.logstash:
  hosts: ["graylog.de.tpg.local:5044"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
winlogbeat:
  event_logs:
    - name: Application
    - name: System
    - name: Security
    - name: Directory Service
    - name: DNS Server
    - name: Microsoft-Windows-PrintService/Operational
    - name: Kaspersky Event Log
Environment