Coralogix provides a seamless integration with Winlogbeat so you can send your logs from anywhere and parse them according to your needs.
- Have Winlogbeat installed. For installation instructions, see: https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-installation.html
- Install our SSL certificate on your system to provide a secure connection. You can download it from: https://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/ca.crt
Private Key – A unique ID which represents your company. This ID will be sent to your email once you register with Coralogix.
Company Id – A unique number which represents your company. You can get your company ID from the settings tab in the Coralogix dashboard.
Application Name – The name of your main application. For example, a company named “SuperData” would probably insert the “SuperData” string parameter, or if they want to debug their test environment they might insert “SuperData – Test”.
SubSystem Name – Your application probably has multiple subsystems, for example: Backend servers, Middleware, Frontend servers, etc. Setting the subsystem parameter is vital to help you examine the data you need.
Open your Winlogbeat configuration file and configure it to use Logstash. For more information about configuring Winlogbeat to use Logstash, please refer to: https://www.elastic.co/guide/en/beats/winlogbeat/current/config-winlogbeat-logstash.html
Point your Winlogbeat output to the Coralogix Logstash server: logstashserver.coralogix.com:5015
In addition, you should add the Coralogix configuration from the General section.
Here is a basic example of winlogbeat.yml:
#=========================== Winlogbeat Event Logs ============================
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System

# Coralogix parameters, added at the top level of every event
fields_under_root: true
fields:
  PRIVATE_KEY: "YOUR_PRIVATE_KEY"
  COMPANY_ID: YOUR_COMPANY_ID
  APP_NAME: "APP_NAME"
  SUB_SYSTEM: "windows_events"

#----------------------------- Logstash output --------------------------------
output.logstash:
  enabled: true
  hosts: ["logstashserver.coralogix.com:5015"]
  # Older Winlogbeat releases used the tls.* name; current releases use ssl.*
  tls.certificate_authorities: ["<path to folder with certificates>\\ca.crt"]
  ssl.certificate_authorities: ["<path to folder with certificates>\\ca.crt"]
Before starting, test your configuration:
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
Start your Winlogbeat service:
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
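To confirm that the endpoint's certificate chains to the downloaded ca.crt, either before starting the service or when troubleshooting a failed connection, the following PowerShell check can be used. It is an added example, not part of the Coralogix or Winlogbeat tooling; the path C:\certs\ca.crt is an assumption, and the script assumes ca.crt is the root of the server's chain.

```powershell
# Added example: check that the Coralogix endpoint's chain ends in the downloaded ca.crt.
$CaPath   = 'C:\certs\ca.crt'                 # assumed path; use the one from winlogbeat.yml
$HostName = 'logstashserver.coralogix.com'
$Port     = 5015

$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaPath
"CA subject:    $($ca.Subject)"
"CA thumbprint: $($ca.Thumbprint)"
"CA not after:  $($ca.NotAfter)"

[System.Net.Security.RemoteCertificateValidationCallback]$validate = {
    param($s, $cert, $chain, $policyErrors)
    if (-not $cert) { return $false }
    # Reject a certificate issued for a different host name.
    if ($policyErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) {
        return $false
    }
    # Rebuild the chain using only ca.crt plus the certificates the server sent.
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$c.ChainPolicy.ExtraStore.Add($ca)
    foreach ($e in $chain.ChainElements) { [void]$c.ChainPolicy.ExtraStore.Add($e.Certificate) }
    $c.ChainPolicy.RevocationMode    = 'NoCheck'   # revocation is not checked here
    $c.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
    $built = $c.Build($leaf)
    # Accept only when the chain is valid and its last element is exactly ca.crt.
    $root  = $c.ChainElements[$c.ChainElements.Count - 1].Certificate
    return ($built -and $root.Thumbprint -eq $ca.Thumbprint)
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $tcp.GetStream(), $false, $validate
    $ssl.AuthenticateAsClient($HostName)
    "TLS OK: $($ssl.SslProtocol), server certificate $($ssl.RemoteCertificate.Subject)"
} catch {
    "TLS validation FAILED: $($_.Exception.Message)"
} finally {
    $tcp.Dispose()
}
```

A failure here means Winlogbeat would also refuse the connection with the same certificate_authorities setting, so check the ca.crt path and the printed thumbprint before looking at the service itself.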