Best practices for the log shipper selection of Windows eventlog

AME · April 9, 2023, 8:03am

Hi all,
currently I use OpenSearch with Logstash and Nxlog. Are there any best practices or recommendations on which log shipper is best to use?
I primarly want to use Security Analytics for Windows logs.
Thx

Gsmitt · April 12, 2023, 4:13am

Hey @AME

I use both but for Windows I perfer Winlogbeat. Depend on how much room you have, Winlogbeat can get pretty chatty.

nasrullonurullaev · February 7, 2024, 5:08pm

Hi Ame!
I have question how are you using Logstash in Windows?
I mean there are no Logstash for Windows - Only for Linux and MacOs

jst · February 8, 2024, 7:59am

I guess, he uses this version of Logstash…?

Topic		Replies	Views
What shippers should I use to collect the logs so that SIGMA rules will start matching? Security Analytics discuss	5	961	October 17, 2023
OpenSearch on ELK stack General Feedback	5	1189	November 15, 2023
Windows system log Analysis using Security Analytics feature Security Analytics	2	122	September 10, 2024
Beats are now deliberately "broken" on ElasticSearch 7.10 and newer OpenDistro	2	1375	June 4, 2021
Logstash Pipeline config for Winlogbeat, Auditbeat, Filebeat and Metricbeat OpenSearch configure	3	239	October 1, 2024

Best practices for the log shipper selection of Windows eventlog

Related topics