I need help with connecting my firewalls to graylog

You don’t have to, but it may generate a lot of logs.

:+1: so far so good I guess :laughing:

Nothing is showing. Could it be that the port isn't open?

Do you have port 5044 opened on Graylog server?

Let me double-check. When I was running nmap earlier on my Graylog server, the only port open was 9000, even though I added 5044.

Hey,
you should check your logs like @Wine_Merchant mentioned earlier.

Just enabled it and it worked, thank you so much.

So you have logs showing now?

It’s quite strange that it didn’t work on the device that wasn’t hosting the VM server.

Ok, so you have 30 more minutes left of my time :laughing: Good job @NEW2GRAY

Ok, my other question: since I was now able to get firewall logs from this computer, would it be the same thing for a Windows server? Also, how can I get syslogs to show?

Yes, all Windows operating systems have Event Viewer.

But why didn’t Winlogbeat show on my other sidecars that I added? It randomly showed after I added the device that is currently hosting the Graylog server on Hyper-V.

Previously I was testing other test devices such as a test laptop/desktop.

Not sure, but I can tell you this.

Filebeat is really good for Linux.
Winlogbeat is really good for Windows systems.
NXLog is good for both but takes some work to make it right.

Does Winlogbeat capture all Windows logs or just firewall?

Winlogbeat captures Event Viewer logs; this would be like Filebeat capturing Linux /var/log.

BUT in some cases where you have some open source install on Windows, perhaps Filebeat would be the way to go for that. With Windows you have permissions and ports that may need to be opened/configured. Windows Pro/Home normally do, but Windows Server may have restrictions on what ports are opened, so you would have to open them by creating a firewall policy.

Ok, and if I were to look at setting up syslog, could I export those logs to the Graylog server with GELF, and would I need to open port 12201?

Windows' syslog is Event Viewer; on Ubuntu, syslog is the system log file.

/var/log/syslog

By default the GL syslog UDP or TCP input is set for port 12201, but you do not have to use that port, so long as it's above port 1024. Any port below 1024 is a privileged port, meaning root. But that's for another day; just stay above port 1024 and you should be good.
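Added example, not part of the thread and not Graylog's own tooling: a small Python script that builds a syslog test line and a GELF test payload, sends them to your inputs, and checks whether a TCP input port (such as the 5044 Beats port discussed above) completes a handshake. The hostname and port numbers are assumptions to edit for your setup; the privileged-port check reflects the point about ports below 1024 needing root.

```python
#!/usr/bin/env python3
"""
Added example (not from the thread): build and send test messages to a Graylog
syslog input and a GELF UDP input, and check whether a TCP input port is reachable.
Host and port values below are assumptions; adjust them to your own inputs.
"""
from __future__ import annotations

import gzip
import json
import socket
import time
from datetime import datetime

GRAYLOG_HOST = "graylog.example.internal"  # assumption: your Graylog server
SYSLOG_UDP_PORT = 1514                     # assumption: unprivileged port (>1024) for the syslog input
GELF_UDP_PORT = 12201                      # assumption: port your GELF UDP input listens on
BEATS_TCP_PORT = 5044                      # assumption: the Beats input port mentioned in the thread


def is_privileged_port(port: int) -> bool:
    """Ports 1-1023 need root (or CAP_NET_BIND_SERVICE on Linux) to bind, so an
    input on e.g. 514 will not start unless the Graylog service has that privilege."""
    return 0 < port < 1024


def build_syslog_message(hostname: str, app: str, msg: str,
                         facility: int = 1, severity: int = 6,
                         when: datetime | None = None) -> bytes:
    """RFC 3164 style line: <PRI>Mmm dd hh:mm:ss HOST APP: MSG, PRI = facility*8 + severity."""
    when = when or datetime.now()
    pri = facility * 8 + severity
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded per RFC 3164
    return f"<{pri}>{ts} {hostname} {app}: {msg}".encode()


def parse_pri(line: bytes) -> tuple[int, int]:
    """Split the <PRI> prefix back into (facility, severity), e.g. to check what a device sends."""
    text = line.decode(errors="replace")
    if not text.startswith("<") or ">" not in text:
        raise ValueError("missing <PRI> prefix")
    pri = int(text[1:text.index(">")])
    return pri // 8, pri % 8


def build_gelf_message(hostname: str, short_message: str, level: int = 6,
                       compress: bool = False, **extra) -> bytes:
    """GELF 1.1 payload; additional fields must be prefixed with an underscore.
    The GELF UDP input accepts plain JSON as well as gzip-compressed JSON."""
    payload = {"version": "1.1", "host": hostname, "short_message": short_message,
               "timestamp": time.time(), "level": level}
    for key, value in extra.items():
        payload["_" + key.lstrip("_")] = value
    data = json.dumps(payload).encode()
    return gzip.compress(data) if compress else data


def decode_gelf(data: bytes) -> dict:
    """Inverse of build_gelf_message; recognises the gzip magic bytes 1f 8b."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    return json.loads(data)


def send_udp(host: str, port: int, data: bytes) -> int:
    """UDP is fire-and-forget: a successful send proves nothing about the listener.
    Confirm arrival in the input's message counters or with tcpdump on the server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(data, (host, port))


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Single-port equivalent of `nmap -p PORT host`: True if a TCP handshake completes.
    False usually means the input is not started or a host firewall blocks the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for name, port in (("syslog", SYSLOG_UDP_PORT), ("gelf", GELF_UDP_PORT), ("beats", BEATS_TCP_PORT)):
        if is_privileged_port(port):
            print(f"{name} input on port {port} needs root to bind")
    send_udp(GRAYLOG_HOST, SYSLOG_UDP_PORT,
             build_syslog_message("fw01", "test", "hello from the firewall"))
    send_udp(GRAYLOG_HOST, GELF_UDP_PORT,
             build_gelf_message("fw01", "hello via GELF", source="manual-test"))
    print("beats port reachable:", tcp_port_open(GRAYLOG_HOST, BEATS_TCP_PORT))
```

If the TCP check fails while the input shows as running in Graylog, look at the server's host firewall (ufw/firewalld on Linux, Windows Defender Firewall on a Hyper-V host) before suspecting the sending device; the UDP sends will never report an error either way, so the input's own message counter is the only confirmation that a syslog or GELF message arrived.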