We have looked into How will be windows operating system logs integrate with elastic cloud. So, Events log in Operating system is very important play role. You will be ensure your operating system working well or not you have to maintain via maintenance. If your system is not working like others day, How will be get to know where will be error are popping up. So for the maintenance purpose and for security concern we should check our logs in daily basis.
Key Role
- Create free account on elastic cloud account on elastic
- Integrate your machine with elastic using winlogbeats client
- Aggregate your machine’s logs on elastic
- Create a dashboard to summarize the logs from your machine
Create free account on elastic cloud
Simply go to Elastic-cloud. Fill out the Details. And enter into the account.
Now, Click on “Start your Free Trial”.
Now, Enter your deployment name and create one. After that download the password for this deployment.
Hit Enter “Add data”
Integrate your machine with elastic using winlogbeats client
There are lots of services that are listed on to list. But in this blog We are looking into winlogbeat that is fetching the logs from your machine (Windows 10). So, go down to bottom and click on to “Windows Event Log”.
After click on to it. Now its getting the installation guide.
Now, Go to the link and download winlogbeat according to your hardware architecture into your windows 10 operating system.
Extract the zip file and move to “C:\Program Files”, Re-name the folder as “winlogbeats”. Now open the powershell in administrative privileges. Enter into directory where you have move the folder.
Before That In ” C:\Program Files\winlogbeats\winlogbeat.yml” if don’t want to wait 72h So, remove “ignore_older: 72h”.
You can also add more event logs for finding the more event logs just enter the command into PowerShell you got the all event list
Add to the event logs list
By default dashboard is disabled as you can see in the comment we just un-comment it and false make it true.
moving to bottom and make localhost to your local ip as you can see in my case its “192.168.1.108”
Now enter your credentials that you got it from the “Installation Guide”.
make localhost into your local ip
Now, we ready to run winlogbeat before that we have to run some commands into powershell
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1
check your configuration file just follow the command
.\winlogbeat.exe test config -c .\winlogbeat.yml -e
Aggregate your machine’s logs on elastic
Now, We are ready to run our winlogbeat just follow the commands
.\winlogbeat.exe setup -e
Start-Service winlogbeat
click on check data, Now we are ready to check out our logs into dashboard.
Create a dashboard to summarize the logs from your machine
Go to dashboard and click on to “Create Dashboard”, Now go to “Add from library” and add your library according to your need.
