Winlogbeat

Search engines have evolved tremendously in the last decades, to the point of developing specialized branches within their respective fields. The advent of cloud search solutions, which bring the power and capabilities of search engines, into the scalable environments of businesses and organizations. Elasticsearch is one such search engine, based on the Lucene library, which offers distributed, multitenant, capable, full-text search engine features.

Winlogbeat was developed specifically in order to ship Windows event logs to the Elasticsearch and Logstash engines, and it can be deployed as a standard service. The main working principle behind the service relies on reading from individual or multiple event logs via APIs and filtering the identified events based on customizable user criteria.

The detected logs are then sent to the configured search engines, in a structured, hierarchical manner, with persistent disk read, in order to enable process restart at all times. A multitude of event data types are supported and can be captured from any system logs. These include software, hardware, security, as well as system events.

Last but not least, users will be able to preview the resulting event statistical data in the included visualizer module, which offers graphical representations of the processed data.