When you run the module, it performs a few tasks under the hood:
- Sets the default paths to the log files (but don’t worry, you can override the defaults)
- Makes sure each multiline log event gets sent as a single event
- Uses ingest node to parse and process the log lines, shaping the data into a structure suitable for visualizing in Kibana
- Deploys dashboards for visualizing the log data
The IIS module was tested with logs from version 10.
If you haven't already installed Filebeat...
- As administrator, enter the following command in PowerShell or download the zip file here.
Start-BitsTransfer -Source 'https://github.com/themarcusaurelius/Filebeat-Modules/archive/master.zip' -Destination 'C:\Users\Administrator\Downloads\Filebeat-Modules.zip'
- Unzip the package and extract the contents to the C:/ drive.
- Back in PowerShell, CD into the extracted folder and run the following script:
.\installFilebeat.ps1
- When prompted, enter your credentials below and click OK.
Kibana URL: _PLACEHOLDER_KIBANA_URL_
Username: _PLACEHOLDER_USERNAME_
Password: _PLACEHOLDER_PASSWORD_
Elasticsearch API Endpoint: _PLACEHOLDER_API_ENDPOINT_
- Choose the IIS module and click OK.
This installs and runs Filebeat with the module you enabled, set to that module's default file path.
Data should now be shipping to your Vizion Elastic app. Check the Discover tab in Kibana for the incoming logs.
If you have already installed Filebeat...
- In PowerShell, as administrator, CD into the Filebeat folder and enter the following command:
.\filebeat.exe modules enable iis
- Restart Filebeat to apply the changes.
restart-service filebeat
Data should now be shipping to your Vizion Elastic app. Check the Discover tab in Kibana for the incoming logs.
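If no events show up in Discover, the checks below narrow down where the pipeline stops. This is an added example, not part of the original instructions or the installer script; the install folder `C:\Filebeat` is an assumption, and the log glob is the stock IIS access-log location, so adjust both to your host.

```powershell
# Added example: verify the IIS module after enabling it. Run as administrator.
# Assumption: Filebeat was extracted to C:\Filebeat; change to your install folder.
$FilebeatHome = 'C:\Filebeat'
# Stock IIS access-log location; change it if IIS is configured to log elsewhere.
$IisLogGlob = 'C:\inetpub\logs\LogFiles\*\*.log'

Set-Location $FilebeatHome

# 1. Are there IIS logs where the module looks by default?
$logs = Get-ChildItem -Path $IisLogGlob -ErrorAction SilentlyContinue
if (-not $logs) {
    Write-Warning "No files match $IisLogGlob. Override var.paths in modules.d\iis.yml."
} else {
    $newest = $logs | Sort-Object LastWriteTime -Descending | Select-Object -First 1
    Write-Host "Newest IIS log: $($newest.FullName) ($($newest.LastWriteTime))"
}

# 2. Enabling a module renames iis.yml.disabled to iis.yml in modules.d.
.\filebeat.exe modules enable iis
if (-not (Test-Path '.\modules.d\iis.yml')) {
    throw 'modules.d\iis.yml not found: the IIS module is not enabled.'
}

# 3. Validate filebeat.yml and the module configuration before restarting.
.\filebeat.exe test config
if ($LASTEXITCODE -ne 0) { throw 'filebeat.yml failed validation.' }

# 4. Check that the configured output is reachable with the configured credentials.
.\filebeat.exe test output
if ($LASTEXITCODE -ne 0) { throw 'Cannot reach the configured output.' }

# 5. Restart the service and confirm it stayed up.
Restart-Service filebeat
Start-Sleep -Seconds 5
$svc = Get-Service filebeat
if ($svc.Status -ne 'Running') {
    throw "Filebeat service is $($svc.Status); check the Filebeat logs for the error."
}
Write-Host 'Filebeat is running with the IIS module enabled.'
```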
This module comes with a sample dashboard. For example: