Govroam

The Roaming solution for the public sector

User Tools

Site Tools

You are here: start » siteadmin » filebeat_for_windows_configuration
siteadmin:filebeat_for_windows_configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
siteadmin:filebeat_for_windows_configuration [2018/03/06 09:30] adminsiteadmin:filebeat_for_windows_configuration [2019/10/18 13:54] (current) – [Experimental] admin
Line 2: Line 2:
  
 Edit the filebeat.yml file: Edit the filebeat.yml file:
-  - Under **filebeat.prospectors** make the path the path to the directory containing the NPS log files (e.g C:\Windows\System32\LogFiles\*) +  - Under **filebeat.prospectors** make the path the path to the directory containing the NPS log files (e.g //C:\Windows\System32\LogFiles\*//
-  - If there is a line 'enabled: falsethen change it to 'true'+  - If there is a line **enabled: false** then change it to **true**
-  - Make sure that the 'output.elasticsearchoutput is commented out +  - Make sure that the **output.elasticsearch** output is commented out 
-  - Under 'output.logstashthe key line is 'hosts:["elk.govroam.uk:5044"] which is where the logs will be sent.+  - Under **output.logstash** the key line is **hosts:["elk.govroam.uk:5044"]** which is where the logs will be sent.
   - Everything else in that section should be commented out.   - Everything else in that section should be commented out.
   - Start/Restart the filebeat service.   - Start/Restart the filebeat service.
  
-This is the bare minimum for taking the logs from NPS and sending them to the Govroam log server. Get this working first before trying the encryption. JISC will need to know the hostname/IP address of the system sending the logs (or the public IP from which the logs originate) so that the firewall can be updated.+This is the bare minimum for taking the logs from NPS and sending them to the Govroam log server. Get this working first before trying the encryption.  
 + 
 +**JISC will need to know the hostname/IP address of the system sending the logs (or the public IP from which the logs originate) so that the firewall can be updated.**
  
 Adding encryption is pretty straightforward. Adding encryption is pretty straightforward.
-  - Under 'output.logstashadd the line 'ssl.enabled: true' +  - Under **output.logstash** add the line **ssl.enabled: true** 
-  - Change the port from 5044 to 5055.+  - Change the port from **5044** to **5055**. 
 + 
 +If you're using the hostname **elk.govroam.uk** and have a set of Root CAs installed (normally the default for the OS) then filebeat should just be able to enable encryption. Run it in command line mode to see any errors. See the [[https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html|official filebeat SSL guide]] for details. 
 + 
 +====Experimental==== 
 + 
 +Suggested here:  https://discuss.elastic.co/t/logstash-xml-parse-with-meta-data/103687/6 for dealing with errors in logstash. 
  
-If you're using the hostname 'elk.govroam.uk' and have a set of Root CAs installed (normally the default for the OS) then filebeat should just be able to enable encryptionRun it in command line mode to see any errors. See the [[https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html|official filebeat SSL guide]] for details.+<code> 
 +filebeat.prospectors: 
 +- type: log 
 +  paths: 
 +    - /path/to/log 
 +  encoding: 'windows-1252' 
 +#  multiline.pattern: '^\<\?' 
 +#  multiline.negate: true 
 +#  multiline.match: after 
 +  fields_under_root: true 
 +</code>
siteadmin/filebeat_for_windows_configuration.1520328643.txt.gz · Last modified: 2018/03/06 09:30 by admin