Windows Server Events to Graylog

Hi everyone, I am trying to configure winlogbeat on Windows Server and send Windows events to a Graylog server; however, I could not find any proper guide for configuring it.
Which steps should I follow?
Should I download logstash on my Graylog server?
How can I visualize the data with Graylog which will be captured by logstash?
Thanks for your attention.

Graylog by default doesn’t need anything else other than what you installed via the instructions (Elasticsearch/OpenSearch, MongoDB and Graylog); logstash isn’t needed. For the Windows clients you can install Graylog Sidecar for Windows, which includes winlogbeat.exe as a log shipper. Graylog Sidecar is explained here… When you install Sidecar you set an initial configuration file that tells the Sidecar installation what it needs to know about connecting to the Graylog server… All subsequent configurations for what and how you want to log can be done in the Graylog GUI and pushed out to the Windows servers.

For visualization, once you have the data in, you can use Dashboards to visualize the data; it can also be done on the fly in a search and converted to a Dashboard.

That’s the short - happy to provide more detail if desired… Generally post new questions separately to make the forum more searchable for the future… but feel free to ask for more detail on these things here…

2 Likes
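The two configuration pieces described in the answer above, as an added example that is not part of the thread or Graylog's own documentation. The host name, node name, API token and CA path are placeholders, and it assumes a Beats input is listening on port 5044 of the Graylog server with TLS enabled.

```yaml
# --- File 1: sidecar.yml on the Windows server (the initial configuration) ---
# Host name, node name and token below are constructed placeholders.
server_url: "https://graylog.example.org:9000/api/"
server_api_token: "<SIDECAR_API_TOKEN>"   # token issued in the Graylog GUI
node_name: "win-srv-01"
update_interval: 10                       # seconds between configuration polls
tls_skip_verify: false                    # keep certificate validation enabled
send_status: true

# --- File 2: winlogbeat collector configuration ---
# Edited in the Graylog GUI and pushed to the Sidecar, not placed by hand.
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
  hosts: ["graylog.example.org:5044"]     # assumed Beats input on Graylog
  ssl.certificate_authorities: ['C:\path\to\ca.pem']   # placeholder path
winlogbeat:
  event_logs:
    - name: Security
      ignore_older: 72h                   # skip old backlog on first run
    - name: System
    - name: Application
```

Leaving `tls_skip_verify` at `false` and using an `https` `server_url` means the Sidecar only accepts pushed collector configuration from a server whose certificate it can validate.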

Thanks for your response

1 Like