elastic / logstash-forwarder

An experiment to cut logs in preparation for processing elsewhere. Replaced by Filebeat: https://github.com/elastic/beats/tree/master/filebeat

Logstash-Forwarder on windows #524

Open cnozmn opened 9 years ago

cnozmn commented 9 years ago

I have an ELK stack on CentOS 7. I am getting syslog from logstash-forwarder on CentOS. But I want to get syslogs from a Windows client to the same system (ELK on CentOS). So is it possible with logstash-forwarder on Windows? Because I downloaded logstash-forwarder.exe but it doesn't work. (I tried on win-xp and win8.)

I'm looking forward to some suggestions. Thanks a lot.

cnozmn commented 9 years ago

Is there anyone?

ruflin commented 9 years ago

@cnozmn Can you give some more details on your issue? Do you get any errors?

cnozmn commented 9 years ago

Actually, no errors, because I'm at the beginning. I set up ELK on CentOS, and I enabled rsyslog on the other CentOS machine to get syslog. So when I look at "tcpdump", I'm getting syslog but I couldn't see it in Kibana. I think that I need some plugin or configuration, but I couldn't find the right configuration. Thanks for your interest.

ruflin commented 9 years ago

You need the logstash-forwarder which can be downloaded here: https://www.elastic.co/downloads/logstash

As the next release of logstash-forwarder is filebeat and some windows issues were fixed, I recommend you to directly get started with filebeat. Unfortunately there are no binaries available yet and you must build the binary yourself from source.

cnozmn commented 9 years ago

For example, I will get syslogs from a Fortigate firewall. I need to use logstash without an agent. Now syslogs are coming to my system from rsyslog on the client machine. I have tried many examples of syslog conf from the internet. If I put the payload of the syslog in with "telnet localhost 514" I can see it in Kibana. But I want those to come in automatically. What should I do?

ruflin commented 9 years ago

Can you install logstash-forwarder on the client machine?

cnozmn commented 9 years ago

I have many clients, for example Fortigate, which is a firewall, so I can't install anything. My issue is "without logstash-forwarder". I'm using logstash-forwarder too, but just for some clients. I can't use that one for all clients and I need another option.

ruflin commented 8 years ago

@cnozmn You can configure syslogd to forward the logs to logstash directly: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
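
A minimal sketch of the agentless setup suggested in the comment above, added here as an example and not taken from the thread or from the project. The file names, the listener port 5514, the `type` value and the host name `logstash.example.internal` are assumptions or placeholders.

```conf
# --- Logstash side: /etc/logstash/conf.d/10-syslog-input.conf (assumed file name) ---
# The syslog input listens on both TCP and UDP on the configured port.
# Its default port is 514, which needs root to bind; 5514 is an assumed
# unprivileged port chosen for this example.
input {
  syslog {
    host => "0.0.0.0"   # bind address; narrow to the collection interface where possible
    port => 5514
    type => "syslog"    # assumed label, usable in filters and Kibana queries
  }
}
# The existing filter and output sections stay as they are.

# --- Sender side: /etc/rsyslog.d/90-forward.conf on each CentOS client (assumed file name) ---
# A single @ forwards over UDP, a double @@ forwards over TCP.
# logstash.example.internal is a placeholder for the ELK host.
*.* @@logstash.example.internal:5514
```

Devices that cannot run an agent, such as the firewall mentioned in the thread, are pointed at the same host and port through their own remote-syslog setting. Syslog sent this way is unencrypted and unauthenticated, so the listener port should only be reachable from the expected senders.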

jordansissel commented 8 years ago

Is this still an issue? It seems more like a question than a bug or feature request - maybe try asking on https://discuss.elastic.co/ ?