Logstash can gather logs from different operating systems, so I installed nxlog on each Windows machine in my infrastructure. Now I can view all the logs in one place in my Kibana interface:
logstash.conf
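    input {
      # Linux hosts send syslog to port 5514
      syslog {
        type => "LinuxLog"
        port => 5514
      }
      # Windows hosts send JSON events from nxlog over UDP to port 5140
      udp {
        type => "WindowsLog"
        codec => json
        port => 5140
      }
    }
    output {
      elasticsearch {
        host => "localhost"
      }
      # Also print every event to the console for debugging
      stdout {
        codec => rubydebug
      }
    }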
nxlog.conf
    ## This is a sample configuration file. See the nxlog reference manual about the
    ## configuration options. It should be installed locally and is also available
    ## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

    ## Please set the ROOT to the folder your nxlog was installed into,
    ## otherwise it will not start.

    #define ROOT C:\Program Files\nxlog
    define ROOT C:\Program Files (x86)\nxlog

    Moduledir %ROOT%\modules
    CacheDir %ROOT%\data
    Pidfile %ROOT%\data\nxlog.pid
    SpoolDir %ROOT%\data
    LogFile %ROOT%\data\nxlog.log

    <Extension charconv>
        Module xm_charconv
        AutodetectCharsets utf-8, euc-jp, utf-16, utf-32, iso8859-2
    </Extension>

    <Extension json>
        Module xm_json
    </Extension>

    <Input in>
        Module im_msvistalog
        Exec convert_fields("AUTO", "utf-8");
        # For windows 2003 and earlier use the following:
        # Module im_mseventlog
        Exec to_json();
    </Input>

    <Output out>
        Module om_udp
        Host log.alexlinux.com
        Port 5140
    </Output>

    <Route 1>
        Path in => out
    </Route>
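
To check the UDP/JSON input before rolling nxlog out to every Windows host, a constructed test event can be sent to port 5140. The following is an added example, not part of the original configuration; the function names, the host name `WIN-TEST01` and the sample field values are assumptions, and `loopback_check` only stands in for the Logstash `udp` input with the `json` codec.

```python
import json
import socket

MAX_UDP_PAYLOAD = 65507  # largest payload that fits in one IPv4 UDP datagram


def build_event(hostname, event_id, message):
    """Build a constructed event shaped like nxlog's to_json() output."""
    event = {
        "EventTime": "2015-01-01 12:00:00",  # constructed timestamp
        "Hostname": hostname,
        "EventID": event_id,
        "SourceName": "Microsoft-Windows-Security-Auditing",
        "Channel": "Security",
        "Message": message,
    }
    payload = json.dumps(event).encode("utf-8")
    # om_udp sends one event per datagram; an oversized event cannot be
    # delivered intact, so reject it here instead of sending broken JSON.
    if len(payload) > MAX_UDP_PAYLOAD:
        raise ValueError("event does not fit in a single UDP datagram")
    return payload


def send_event(payload, host, port):
    """Send one datagram, as the om_udp output does. Returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(payload, (host, port))


def loopback_check(payload):
    """Receive the datagram locally and decode it the way the json codec
    would, adding the type set in logstash.conf (stand-in, not Logstash)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # ephemeral port on loopback
        rx.settimeout(2)
        send_event(payload, "127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(65535)
    event = json.loads(data.decode("utf-8"))
    event["type"] = "WindowsLog"
    return event


if __name__ == "__main__":
    sample = build_event("WIN-TEST01", 4624,
                         "An account was successfully logged on.")
    print(loopback_check(sample))
    # Against the real pipeline: send_event(sample, "log.alexlinux.com", 5140)
```

After sending to the real Logstash host, the event should appear in the `rubydebug` console output with `type` set to `WindowsLog`.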