Differences

This shows you the differences between two versions of the page.

--- siteadmin:filebeat_for_windows_configuration [2018/03/06 09:32] – admin
+++ siteadmin:filebeat_for_windows_configuration [2019/10/18 13:54] (current) – [Experimental] admin
@@ Line 9: / Line 9: @@
   - Start/Restart the filebeat service.
-This is the bare minimum for taking the logs from NPS and sending them to the Govroam log server. Get this working first before trying the encryption. JISC will need to know the hostname/IP address of the system sending the logs (or the public IP from which the logs originate) so that the firewall can be updated.
+This is the bare minimum for taking the logs from NPS and sending them to the Govroam log server. Get this working first before trying the encryption.
+**JISC will need to know the hostname/IP address of the system sending the logs (or the public IP from which the logs originate) so that the firewall can be updated.**
 Adding encryption is pretty straightforward.
@@ Line 16: / Line 18: @@
 If you're using the hostname **elk.govroam.uk** and have a set of Root CAs installed (normally the default for the OS) then filebeat should just be able to enable encryption. Run it in command line mode to see any errors. See the [[https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html|official filebeat SSL guide]] for details.
+====Experimental====
+Suggested here:  https://discuss.elastic.co/t/logstash-xml-parse-with-meta-data/103687/6 for dealing with errors in logstash.
+<code>
+filebeat.prospectors:
+- type: log
+  paths:
+    - /path/to/log
+  encoding: 'windows-1252'
+#  multiline.pattern: '^\<\?'
+#  multiline.negate: true
+#  multiline.match: after
+  fields_under_root: true
+</code>