This tutorial covers the deployment of IBM Operations Analytics – Log Analysis (IOALA) as a centralized logging interface for a multi-server, Windows-based environment. It shows you how to configure the Logstash component of the Log Analysis server to collect and visualize the logs of your Windows systems in a centralized location, using a lightweight data shipping tool called Winlogbeat.

Summary of all the components needed to execute this solution

Windows Events Log Diagram

Winlogbeat will be installed on a Windows 10 server (the client server). IBM Log Analysis and Logstash will be installed on Red Hat Enterprise Linux Server release 6 (the IOALA server).

Overview of the required steps

To implement this solution, the following steps will need to be completed.

Use the attached document, "Send Windows Events Securely to IBM Operations Analytics Log Analysis", to complete the steps.