
Bring back default filebeat collector for windows

Open mpfz0r opened this issue 1 year ago • 2 comments

With https://github.com/Graylog2/graylog2-server/issues/15570 we removed the filebeat collector for Windows. We should check whether that was intended, and if not, re-introduce it.

mpfz0r, Apr 29 '24 09:04

Checked with Bernd, this is fixed server-side.

tellistone, Apr 30 '24 09:04

The old Windows Filebeat configuration looks like this:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
   hosts: ["192.168.1.1:5044"]
path:
  data: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat"}\data
  logs: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar"}\logs
tags:
 - windows
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - C:\logs\log.log

which is not very useful in my opinion. @tellistone if we want to have a useful configuration, I think the SecCon team needs to provide one. But I don't know if we can make it to the next bugfix release then. Should I ping someone from the SecCon team or do you want to coordinate this?

AntonEbel, May 06 '24 16:05