Collection process: 1. nxlog => 2. logstash => 3. elasticsearch
1. nxlog uses the im_file module to collect the log files, with position recording (SavePos) turned on
2. nxlog uses the om_tcp module to output the logs
3. Logstash uses the tcp input to collect the logs, formats them, and outputs them to ES
The nxlog configuration file on Windows
nxlog.conf
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#<Input in>
#    Module im_msvistalog
# For windows 2003 and earlier use the following:
#    Module im_mseventlog
#</Input>

<Input testfile>
    Module im_file
    File "C:\\test\\*.log"
    SavePos TRUE
    # Include JSON and raw formats
    # Exec $Message = to_json() + " " + $raw_event;
</Input>

<Output out>
    Module om_tcp
    Host 10.8.210.29
    Port 514
</Output>

<Route 1>
    Path testfile => out
</Route>
Logstash startup configuration file
logstash.conf
input {
  tcp {
    port => 514
  }
}
filter {
  json {
    source => "message"
  }
}
output {
  elasticsearch {
    host => "127.0.0.1"
    port => "9200"
    protocol => "http"
  }
}
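An added example, not from the original post: a Python stand-in for the Logstash side of this pipeline, for checking what the json filter would do with the lines nxlog forwards before Elasticsearch is wired up. It listens on an ephemeral localhost port rather than 514, the sample lines are constructed, and json_filter only approximates Logstash's json filter (lines that do not parse are tagged _jsonparsefailure).

```python
import json
import socket
import threading

def json_filter(message):
    """Approximate Logstash's json filter with source => "message"."""
    event = {"message": message}
    try:
        parsed = json.loads(message)
        # Assumption of this sketch: non-object JSON counts as a parse failure.
        if not isinstance(parsed, dict):
            raise ValueError("top-level JSON value is not an object")
        event.update(parsed)  # parsed fields are merged into the event root
    except ValueError:
        event["tags"] = ["_jsonparsefailure"]  # original message is kept as-is
    return event

def receive_events(server):
    """Accept one connection and treat each newline-terminated line as one event."""
    conn, _ = server.accept()
    with conn, conn.makefile("r", encoding="utf-8", newline="\n") as stream:
        return [json_filter(line.rstrip("\r\n")) for line in stream]

def run_demo(lines):
    """Send lines one event per line, as a TCP log forwarder would; return the events."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # ephemeral port instead of the page's 514
    server.listen(1)
    result = []
    worker = threading.Thread(target=lambda: result.extend(receive_events(server)))
    worker.start()
    with socket.create_connection(server.getsockname()) as client:
        client.sendall("".join(line + "\n" for line in lines).encode("utf-8"))
    worker.join(timeout=5)
    server.close()
    return result

# Constructed sample lines, standing in for the contents of C:\test\*.log
SAMPLE_LINES = [
    '{"level": "INFO", "user": "alice", "action": "login"}',
    '2014-09-11 10:00:01 plain text line that is not JSON',
]

if __name__ == "__main__":
    for event in run_demo(SAMPLE_LINES):
        print(event)
```

With the Exec line in nxlog.conf left commented out, nxlog forwards each file line unchanged, so only log lines that are already JSON objects come out of the filter with parsed fields.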
This article is from the "Couch People" blog, please make sure to keep this source http://enable.blog.51cto.com/747951/1550579
logstash -- collecting Windows logs using nxlog