Download filebeat from https://www.elastic.co/downloads/beats/filebeat Choose the MSI version for Windows Install as usual
Create file c:\ProgramData\Elastic\Beats\filebeat\filebeat.yml
###################### Filebeat Configuration #########################
# ============================== Filebeat inputs ===============================
filebeat.inputs:
- type: filestream
id: iis
enabled: true
paths:
- "C:/inetpub/logs/LogFiles/*/*.log"
exclude_lines: ['^#']
# ============================== Filebeat modules ==============================
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
# ================================== Outputs ===================================
# ------------------------------ Logstash Output -------------------------------
output.logstash:
hosts: ["x.x.x.x:5044"]
ssl.enabled: false
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
# ================================= Processors =================================
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
# ============================= X-Pack Monitoring ==============================
#monitoring.enabled: false
#monitoring.cluster_uuid:
#monitoring.elasticsearch:The filebeat agent is a standard windows service. Type services.msc and find Elastic Filebeat <version> in the services list.
Start/stop/restart as usual.