Logstash-Forwarder on windows #524

Open
cnozmn opened this issue Sep 3, 2015 · 9 comments

cnozmn commented Sep 3, 2015

I have an ELK stack on CentOS7. I am getting syslog from logstash-forwarder on centos. But I want to get syslogs from a windows client to the same system (ELK on centos). So is it possible with logstash-forwarder on windows? Because I downloaded logstash-forwarder.exe but it doesn't work. (I tried on win-xp and win8)

I'm looking forward to some suggestions.
Thanks a lot

cnozmn commented Sep 7, 2015

Is there anyone?

ruflin commented Sep 23, 2015

@cnozmn Can you give some more details on your issue? Do you get any errors?

cnozmn commented Sep 28, 2015

Actually, no errors. Because I'm at the beginning. I set up ELK on centos. And I opened rsyslog on the other centos machine to get syslog. So when I look at "tcpdump", I'm getting syslog but I couldn't see it on Kibana. I think that I need some plugin or configuration. But I couldn't find the correct configuration.
Thanks for your interest.

ruflin commented Oct 7, 2015

You need the logstash-forwarder which can be downloaded here: https://www.elastic.co/downloads/logstash

As the next release of logstash-forwarder is filebeat and some windows issues were fixed, I recommend that you get started directly with filebeat. Unfortunately there are no binaries available yet and you must build the binary yourself from source.

cnozmn commented Oct 7, 2015

For example, I will get syslogs from a Fortigate Firewall. I need to use logstash without an agent. Now syslogs are coming to my system from rsyslog of the client machine. I have tried many examples of syslog conf on the internet. If I put the payload of syslog with "telnet localhost 514" I can see it on Kibana. But I want those to come automatically. What should I do?

ruflin commented Oct 7, 2015

Can you install logstash-forwarder on the client machine?

cnozmn commented Oct 8, 2015

I have many clients. "for example fortigate" which is a firewall so I can't install anything. My issue is "without logstash-forwarder". I'm using logstash forwarder too but just for some clients, I can't use that one for all clients and I need another option.

ruflin commented Oct 8, 2015

@cnozmn You can configure syslogd to forward the logs to logstash directly: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-syslog.html
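
As an added example (not part of the original thread and not configuration from the logstash-forwarder project): a Logstash pipeline using the syslog input plugin linked above, with the matching rsyslog forwarding rule shown in comments. The port 5514, the `type` value, the file paths and the host name `logstash.example.internal` are assumptions chosen for illustration.

```conf
# Logstash pipeline file (path is an assumption, e.g. /etc/logstash/conf.d/syslog.conf)
input {
  syslog {
    # The syslog input listens on both TCP and UDP. Its default port is 514,
    # a privileged port that requires root; an unprivileged port (assumed
    # here: 5514) lets Logstash run as a normal user.
    port => 5514
    type => "syslog"
  }
}

output {
  # Print each parsed event to the console to confirm that forwarded
  # messages arrive and parse before sending them on to Elasticsearch.
  stdout { codec => rubydebug }
}

# Sender side, rsyslog (e.g. a file under /etc/rsyslog.d/):
#   *.* @@logstash.example.internal:5514    # @@ forwards over TCP
#   *.* @logstash.example.internal:5514     # @  forwards over UDP
#
# Devices that cannot run an agent are pointed at the same host and port
# in their own remote-syslog settings.
#
# Plain syslog is unauthenticated and unencrypted: open the port in the
# host firewall only for the sources that are expected to send logs.
```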

@jordansissel
Contributor

Is this still an issue? It seems more like a question than a bug or feature request - maybe try asking on https://discuss.elastic.co/ ?
