This tutorial covers the deployment of IBM Operational Analytics – Log Analysis (IOALA) as a centralized logging interface for a multi-server, Windows-based environment. It shows you how to configure the Logstash component of the Log Analysis server to collect and visualize the logs of your Windows systems in a centralized location, using a lightweight data shipping tool called Winlogbeat.
Summary of all the components needed to execute this solution
- Red Hat Enterprise Linux 6.x Server
- 1+ Windows 7/10 Servers
- IBM Operational Analytics – Log Analysis 1.3.5
- Logstash 2.2.1 – This is the data processing pipeline that allows you to pull data from a wide variety of sources
- Winlogbeat 5.1 – This tool reads from one or more event logs using Windows APIs
Winlogbeat will be installed on a Windows 10 server (the client server). IBM Log Analysis and Logstash will be installed on Red Hat Enterprise Linux Server release 6 (the IOALA server).
Overview of the required steps
To implement this solution, the following steps will need to be completed.
- Install OpenJDK (Java 8) on the IOALA Server
- Install IBM Operational Analytics – Log Analysis
- Installing Logstash
- SSL Certificate Configuration
- Install Winlogbeat on Windows server(s)
- Copy certificates to Windows clients
- Winlogbeat Configuration
- Logstash Configuration
- Creating and Publishing the data source for Log Analysis
- Testing the Application
Use the attached document, "Send Windows Events Securely to IBM Operations Analytics Log Analysis", to complete the steps.