elasticsearch on linux for windows Logs - elasticsearch

Can I install Elasticsearch on Linux in order to run queries on it for logs that are created on Windows servers?
My application runs on Windows Server, but in order to save money I want to run Elasticsearch on Linux; it should receive the log files from the Windows servers.
Kibana should also run on Linux.

You can run both on any system; both communicate via HTTP and are system-agnostic.

Related

How to monitor Apache Tomcat running on Windows via a Zabbix agent?

We have a Windows server that has the Zabbix agent installed.
Recently we installed multiple Apache Tomcat 7 websites running on different ports and need to monitor the number of active threads, response time, etc. I need suggestions on how to retrieve the values.
I found this documentation on the official Zabbix website!
It might be helpful.

What is the procedure for installing Graylog 2.x on Windows?

I have a requirement to set up Graylog and Elasticsearch on Windows.
Version: 2.3.2
Running Graylog on Windows is not supported, see System Requirements.
If you absolutely have to run Graylog on a Windows-based system, you have to use the virtual appliance (OVA) and run it in Hyper-V/VMware/VirtualBox.
See Virtual Machine Appliances for details.

Getting logs from remote Windows systems into Elasticsearch (ELK)

I am new to Elasticsearch and Logstash. I wanted to know if there's a way to get the Windows event logs of remote systems which log in to my server (which has Logstash), where the Windows systems don't have any log-pusher software on them.
Thanks in Advance!

How to configure Logstash Forwarder on Windows for event logs (.evtx files)

I have configured Logstash, Elasticsearch and Kibana on a Linux machine.
I tried to send logs from the Linux machine; they were sent successfully and everything works fine (Apache logs, system logs, log4j logs). I also tried sending them from a Windows machine. Normal logs work fine, but Windows Event Logs (.evtx files) do not.
Any idea on why it is working from Linux but not Windows?

How do I determine the identity of a Windows machine?

I have a program consisting of a server process and a client process. Both run on Windows systems, Windows 2000 or later. The two processes can run on the same machine or on two different machines.
How can the client determine whether it is running on the same machine as the server? If the server is not running, the client can't work anyway and doesn't care where the server might be, so that case is out of the question. I've heard that each Windows machine has a UUID; can I obtain it and use it for that purpose?
Windows networking requires computer names to be unique, so calling the GetComputerName API and having the client and server swap names (and compare the received name to the name they see) should suffice. If the client and server can start up independently of one another then you'll need some sort of protocol for this process. It seems logical for the client to initiate the exchange, and for the server to only send its name when it has received a name from a client. The client can then abort the connection if it sees the same name.
I believe most virtual machine systems will allow the virtual machine to have its own name, so it should still be possible for you to test on virtual machines. However I don't have extensive experience of all the virtualisation technologies out there, so can't say for sure.
Previous question about generating a unique machine ID that might help.
Link to a previous answer which mentions MachineGUID.
It is straightforward to add an API to the server that reports its machine name. The environment variable is COMPUTERNAME. The client could check that, right?
Do you need to deal with any of these cases?
The client is running, but the server is not responding, and you want to know whether the unresponsive server is on a remote machine.
The client and the server are running in two distinct virtual machines on the same host machine, and you want to report that as "running on the same machine."
The client is running in a virtual machine hosted by the same machine as the server is running on, and you want to report that as "running on the same machine."
The client and the server are running on uncoordinated networks and both might have been assigned the same name.
The server is possibly hostile, and will attempt to deceive the client.
The network card will have a unique MAC. If both server and client report the same MAC then they are using the same network card. If both client and server are running in different virtual machines but using the same network card, do you consider them running on the same machine or different machines?
How about trying to establish a loopback TCP connection? Or maybe checking for some lock file created by the server in a predefined folder...
I don't know exactly how, but there is surely something in Win32 equivalent to the /proc filesystem on Unix (I think there are free replacements for the Windows Task Manager; maybe you could look at their sources) where you could search for your server process.
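The name-exchange protocol from the first answer above, as an added example that is not part of the original thread: the client initiates, the server sends its name only after receiving one, and the client corroborates a matching name with a loopback peer address before concluding "same machine", which covers the colliding-name and hostile-server cases raised in the thread. It assumes Python's socket.gethostname() as a cross-platform stand-in for GetComputerName, and run_exchange is a constructed demo harness that runs both sides in one process on 127.0.0.1.

```python
import ipaddress
import socket
import threading

def local_name():
    # Cross-platform stand-in for the GetComputerName API / COMPUTERNAME variable.
    return socket.gethostname()

def serve_once(listener, server_name):
    # Server side: answer exactly one client, and only send our name after the
    # client has sent its own (the client initiates, as the answer suggests).
    conn, _ = listener.accept()
    with conn:
        client_name = conn.recv(256).decode("utf-8", "replace")
        if client_name:
            conn.sendall(server_name.encode("utf-8"))

def client_check(host, port, client_name):
    # Client side: send our name, read the server's, and note whether the peer
    # address is loopback. Returns (names_match, peer_is_loopback).
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(client_name.encode("utf-8"))
        server_name = s.recv(256).decode("utf-8", "replace")
        peer_ip = s.getpeername()[0]
    is_loopback = ipaddress.ip_address(peer_ip).is_loopback
    return server_name == client_name, is_loopback

def same_machine(host, port, client_name=None):
    # A self-reported name alone can collide or be spoofed by a hostile server,
    # so require the loopback peer address to agree before saying "local".
    names_match, is_loopback = client_check(host, port, client_name or local_name())
    return names_match and is_loopback

def run_exchange(server_name, client_name):
    # Constructed demo harness: both sides in one process on 127.0.0.1 with an
    # ephemeral port. Returns the (names_match, peer_is_loopback) tuple.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=serve_once, args=(listener, server_name))
    worker.start()
    try:
        return client_check("127.0.0.1", listener.getsockname()[1], client_name)
    finally:
        worker.join()
        listener.close()

if __name__ == "__main__":
    print(run_exchange("HOST-A", "HOST-A"))  # (True, True)
    print(run_exchange("HOST-B", "HOST-A"))  # (False, True): name does not match
```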
