Documentation

Winlogbeat Integration

Alooma supports Elasticsearch's beats protocol to receive events. Using Winlogbeat, it is possible to send Windows Event Logs to Alooma in a few easy steps.

  1. Log in to your Alooma account and add a "Server Logs" input from the Plumbing page.

  2. Give your input a name, and click Next.

  3. Copy the generated token.

  4. Download and install Winlogbeat.

  5. Configure Winlogbeat according to the example configuration below. Replace <YOUR_TOKEN> with the token you copied in step 3. Enter the names of the Windows event logs you want to stream. In our example we're using logstash for the output:

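    # Windows event logs to stream
    winlogbeat.event_logs:
      - name: Application
      - name: Security
      - name: System

    # Attach the Alooma input token to every event as a top-level field
    fields:
      token: "<YOUR_TOKEN>"
    fields_under_root: true

    # Send events over the beats protocol with TLS enabled
    output:
      logstash:
        hosts: ["inputs.alooma.com:5044"]
        ssl:
          enabled: true

    # Top-level setting: verbose logging
    logging.level: debug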

    You can further customize your Winlogbeat client by following the example configuration file in Winlogbeat's GitHub repository.

  6. Click Finish.

  7. Start the Winlogbeat service.
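Steps 4 to 7 as they could be run from an elevated PowerShell prompt, checking the configuration and the TLS output before the service starts. This is an added example, not Alooma's or Elastic's own script; the install directory `C:\Program Files\Winlogbeat` is an assumption.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: the Winlogbeat zip was extracted to this directory.
$WinlogbeatHome = 'C:\Program Files\Winlogbeat'
$Config = Join-Path $WinlogbeatHome 'winlogbeat.yml'
Set-Location $WinlogbeatHome

# Stop early if the placeholder from the example configuration is still present.
if (Select-String -Path $Config -Pattern '<YOUR_TOKEN>' -SimpleMatch -Quiet) {
    throw "Replace <YOUR_TOKEN> in $Config with the token copied in step 3."
}

# Validate the YAML and settings (catches mis-indented keys such as logging.level).
& .\winlogbeat.exe test config -c $Config -e
if ($LASTEXITCODE -ne 0) { throw 'winlogbeat.yml failed validation.' }

# Check that the configured Logstash output accepts a TLS connection.
& .\winlogbeat.exe test output -c $Config
if ($LASTEXITCODE -ne 0) { throw 'Cannot connect to the configured output.' }

# Register the Windows service if it is not installed yet, using the
# installer script shipped in the Winlogbeat package.
if (-not (Get-Service -Name winlogbeat -ErrorAction SilentlyContinue)) {
    & .\install-service-winlogbeat.ps1
}

# Start the service and confirm it is running.
Start-Service -Name winlogbeat
Get-Service -Name winlogbeat | Format-List Name, Status, StartType
```

Because `winlogbeat.yml` now holds the input token, it should be readable only by administrators and the account the service runs as.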

That's it, you're ready to send events to Alooma. Enjoy!
