Alooma supports Elasticsearch's beats protocol to receive events. Using Winlogbeat, it is possible to send Windows Event Logs to Alooma in a few easy steps.
1. Log in to your Alooma account and add a "Server Logs" input from the Plumbing page.
2. Give your input a name, and click Next.
3. Copy the generated token.
4. Configure Winlogbeat according to the example configuration below. Replace <YOUR_TOKEN> with the token you copied in step 3. Enter the names of the Windows event logs you want to stream. In our example we're using logstash for the output:

    winlogbeat.event_logs:
      - name: Application
      - name: Security
      - name: System
    fields:
      token: "<YOUR_TOKEN>"
    fields_under_root: true
    output:
      logstash:
        hosts: ["inputs.alooma.com:5044"]
        ssl:
          enabled: true
    logging.level: debug

   You can further customize your Winlogbeat client by following the example configuration file in Winlogbeat's GitHub repository.
5. Start the Winlogbeat service:
That's it, you're ready to send events to Alooma. Enjoy!
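A pre-flight check for the steps above, written as an added example rather than taken from Alooma's or Winlogbeat's documentation: it confirms the token placeholder was replaced, that TLS is still enabled in the output, and that the endpoint completes a validated TLS handshake, then starts the service. The install path and the service name `winlogbeat` (the name Winlogbeat's install script registers by default) are assumptions; adjust them to your installation.

```powershell
# Added example: checks to run before starting Winlogbeat with the config above.
# Assumptions: install directory below, and the default service name "winlogbeat".
$ConfigPath = 'C:\Program Files\Winlogbeat\winlogbeat.yml'   # assumed path
$AloomaHost = 'inputs.alooma.com'
$AloomaPort = 5044

# 1. The placeholder from the example config must have been replaced.
$config = Get-Content -Path $ConfigPath -Raw -ErrorAction Stop
if ($config -match '<YOUR_TOKEN>') {
    throw "Token placeholder <YOUR_TOKEN> is still present in $ConfigPath"
}
if ($config -notmatch '(?m)^\s*token:\s*\S+') {
    throw "No 'token' field found in $ConfigPath"
}

# 2. TLS must stay enabled: the token travels with every event.
#    Accepts both the nested form (ssl: / enabled: true) and ssl.enabled: true.
if ($config -notmatch '(?m)^\s*ssl(\.|:\s*\r?\n\s+)enabled:\s*true') {
    Write-Warning "ssl enabled: true not found; events and token would be sent unencrypted"
}

# 3. TLS handshake against the endpoint, with certificate validation.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($AloomaHost, $AloomaPort)
    $tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $tls.AuthenticateAsClient($AloomaHost)   # throws if the certificate does not validate
    Write-Host "TLS OK: $($tls.SslProtocol), certificate subject $($tls.RemoteCertificate.Subject)"
} finally {
    $tcp.Close()
}

# 4. Start the service and confirm it stays up.
Start-Service -Name winlogbeat
Start-Sleep -Seconds 5
$svc = Get-Service -Name winlogbeat
if ($svc.Status -ne 'Running') {
    throw "winlogbeat service is $($svc.Status); check the Winlogbeat log files"
}
Write-Host "winlogbeat is running and configured to ship to ${AloomaHost}:$AloomaPort"
```

Run it from an elevated PowerShell session, since starting a service requires administrator rights.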