Please install Winlogbeat on the Windows system you want to monitor.
In order to be able to establish a secure connection to the Coralogix Portal from the monitored Windows System, please download the correct SSL/TLS Certificate Authority as indicated in the table above. This certificate will be used later on to configure Winlogbeat.
Application Name – The name of your main application, for example, a company named “SuperData” would probably insert the “SuperData” string parameter, or if they would like to debug their test environment they might insert something like “SuperData-Test”.
Subsystem Name – Your application probably has multiple subsystems, for example: Backend-Servers, Middleware, Frontend-Servers, etc. Setting the Subsystem Name makes it easier to examine your data.
1. Create a directory (for example C:\Certs) on the Windows machine to monitor (where you have already installed Winlogbeat).
2. Download the appropriate SSL/TLS Certificate Authority for your Coralogix Portal as per the table above, and copy it to the C:\Certs directory. For example: C:\Certs\Coralogix-EU.crt.
If you use a different drive letter or directory location, please modify the sample configuration file below (winlogbeat.yml) to match the correct location.
In this example Winlogbeat will send Application, System, and Security Windows logs to a Coralogix Portal with a .com domain extension. Please adjust this configuration file to match your specific portal (both the Coralogix logstashserver and corresponding certificate).
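#=========================== Winlogbeat Event Logs ============================
winlogbeat.event_logs:
  - name: Application
  - name: System
  - name: Security

#----------------------------- Logstash output --------------------------------
# If your Coralogix domain ends with .com use logstashserver.coralogix.com
# If your Coralogix domain ends with .us use logstashserver.coralogix.us
# If your Coralogix domain ends with .in use logstash.app.coralogix.in
output.logstash:
  # <PORT> and <CA-FILE> are placeholders: use the port and the certificate file for your Coralogix Portal
  hosts: ["logstashserver.coralogix.com:<PORT>"]
  ssl.certificate_authorities: ['C:\Certs\<CA-FILE>.crt']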
3. If you followed the Winlogbeat installation instructions earlier in this document correctly, Winlogbeat should reside under:
Please make a backup copy of the default winlogbeat.yml file now from the installation directory, and create a new winlogbeat.yml file using the code from step #2 above.
Please modify this new configuration file as needed to suit your environment. Also copy the winlogbeat.yml file to the installation directory (which is the same directory where “winlogbeat.exe” resides).
4. To test the Winlogbeat configuration, please open PowerShell in Administrator mode and issue the command:
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
This command tests the configuration. If you receive an error, please write it down and contact Coralogix Support for assistance.
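The checks behind steps 1 to 4 can be scripted. The following PowerShell is an added example, not part of the original Coralogix instructions. It assumes the C:\Certs\Coralogix-EU.crt example path from step 2 and the C:\Program Files\Winlogbeat directory shown in the step 4 prompt; the backup file name is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths are assumptions taken from the examples on this page; adjust to your system.
$CertDir = 'C:\Certs'
$CaFile  = Join-Path $CertDir 'Coralogix-EU.crt'      # example file name from step 2
$BeatDir = 'C:\Program Files\Winlogbeat'              # directory shown in the step 4 prompt
$Config  = Join-Path $BeatDir 'winlogbeat.yml'
$Backup  = "$Config.default.bak"                      # arbitrary backup name (assumption)

# Step 1: create the certificate directory if it is missing.
if (-not (Test-Path $CertDir)) { New-Item -ItemType Directory -Path $CertDir | Out-Null }

# Step 2: the downloaded file must parse as X.509 and be inside its validity window.
if (-not (Test-Path $CaFile)) { throw "CA certificate not found: $CaFile" }
try {
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaFile
} catch {
    throw "Not a readable X.509 certificate: $CaFile ($($_.Exception.Message))"
}
$now = Get-Date
if ($now -lt $ca.NotBefore -or $now -gt $ca.NotAfter) {
    throw "CA certificate is outside its validity period ($($ca.NotBefore) to $($ca.NotAfter))"
}
$bc = $ca.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) { Write-Warning 'Certificate is not marked as a CA (basicConstraints).' }
# Record these values so a later swap of the trusted CA file can be noticed.
'Subject : {0}' -f $ca.Subject
'Expires : {0:yyyy-MM-dd}' -f $ca.NotAfter
'SHA-256 : {0}' -f (Get-FileHash -Path $CaFile -Algorithm SHA256).Hash

# Step 3: keep a copy of the current winlogbeat.yml (run this before replacing the default file).
if (-not (Test-Path $Backup)) { Copy-Item -Path $Config -Destination $Backup -ErrorAction Stop }
# The configuration must point at the CA file that was just checked (see the note on drive letters).
if (-not (Select-String -Path $Config -SimpleMatch (Split-Path $CaFile -Leaf) -Quiet)) {
    Write-Warning "winlogbeat.yml does not mention $(Split-Path $CaFile -Leaf)"
}

# Step 4: validate the configuration, then test the TLS connection to the Logstash endpoint.
Push-Location $BeatDir
try {
    & .\winlogbeat.exe test config -c .\winlogbeat.yml -e
    if ($LASTEXITCODE -ne 0) { throw "test config failed (exit code $LASTEXITCODE)" }
    & .\winlogbeat.exe test output -c .\winlogbeat.yml
    if ($LASTEXITCODE -ne 0) { throw "test output failed (exit code $LASTEXITCODE)" }
} finally {
    Pop-Location
}
```

The `test output` step goes beyond the command in step 4: it makes Winlogbeat connect to the configured Logstash host, so a wrong or mismatched CA file shows up as a TLS error before the service starts shipping logs.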
5. By now the winlogbeat service should already be installed on the Windows device to monitor. If you have not done so yet, please issue the following command from an Administrator-mode PowerShell session, in the directory where the install-service-winlogbeat.ps1 PowerShell script resides: