Coralogix logo
Login
monitoring.png

Monitoring

Proactively monitor your applications and infrastructure in the context of your CI/CD

icon-metric.png

Metrics

Create long term metrics from logs – for maximum business value

icon-SIEM.png

3-Click SIEM

Fully Secure your cloud environments within minutes

icon-optimization.png

Optimize Costs

Get Full observability. Only pay for what’s important to your organization.

icon-ELK.png

ELK Done Better

Hosted, scaled, and secured, with 24/7 rapid support

Coralogix logo
Request Demo
Integrations

Integrations

Event Viewer Logs

winlogbeat integration

Coralogix provides a seamless integration with Winlogbeat to help you send your Windows event viewer logs directly to Coralogix and parse them according to your needs.

Prerequisites

General

Private Key – A unique ID which represents your company, this Id will be sent to your mail once you register to Coralogix.

Company Id – A unique number which represents your company. You can get your company id from the settings tab in the Coralogix dashboard.

Application Name – The name of your main application, for example, a company named “SuperData” would probably insert the “SuperData” string parameter or if they want to debug their test environment they might insert the “SuperData– Test”.

SubSystem Name – Your application probably has multiple subsystems, for example, Backend servers, Middleware, Frontend servers etc. in order to help you examine the data you need, inserting the subsystem parameter is vital.

Configuration

Open your Winlogbeat configuration file and configure it to use Logstash. For more information about configuring Filebeat to use Logstash please refer to https://www.elastic.co/guide/en/beats/winlogbeat/current/config-winlogbeat-logstash.html

Point your Winlogbeat to output to Coralogix Logstash server:

logstashserver.coralogix.com:5015

In addition, you should add Coralogix configuration from the General section.

Here is a basic example of winlogbeat.yml:

#=========================== Winlogbeat Event Logs ============================
​
winlogbeat.event_logs:

name: Application
  name: Applications
- ignore_older: 72h
- name: Security
- name: System

fields_under_root: true
​fields:
    PRIVATE_KEY: "YOUR_PRIVATE_KEY"
    COMPANY_ID: Your company ID
    APP_NAME: "APP_NAME"
    SUB_SYSTEM: "windows_events"
​​
#----------------------------- Logstash output --------------------------------
​
output.logstash:
    enabled: true
    hosts: ["logstashserver.coralogix.com:5015"]
    index: logstash
    tls.certificate_authorities: ["<path to folder with certificates>\\ca.crt"]
    ssl.certificate_authorities: ["<path to folder with certificates>\\ca.crt"]

Test configuration

Before starting test your configuration:

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e

Start Winlogbeat

Start your Winlogbeat service:

PS C:\Program Files\Winlogbeat> Start-Service winlogbeat

You should now have your Windows event viewer logs streaming into Coralogix. Not seeing your logs in our LiveTail? We are always a click away. Use our in-app chat for support. 

Start solving your production issues faster

Let's talk about how Coralogix can help you

Managed, scaled, and compliant monitoring, built for CI/CD

Create a free account
Get a demo

No credit card required

GDPR Ready
SOC 2
HIPAA
GDPR Ready
SOC 2
HIPAA

Company

Resources

AWS-advanced-technology-partner
Red Hat partner badge

© 2020 Copyright Coralogix. All rights reserved

Get a personalized demo

Jump on a call with one of our experts and get a live personalized demonstration