TimberWinR
==========

A native Windows to Redis Logstash agent which runs as a service.

## Why have TimberWinR?

TimberWinR is a native .NET implementation utilizing Microsoft's [LogParser](http://technet.microsoft.com/en-us/scriptcenter/dd919274.aspx). This means no JVM/JRuby is required, and LogParser does all the heavy lifting. TimberWinR collects the data from LogParser and ships it to Logstash via Redis.

## Basics

TimberWinR uses a configuration file to control how the logs are collected, filtered and shipped off. These are broken down into:

1. Inputs (collect data from different sources)
2. Filters (are applied to all Inputs)
3. Outputs (currently ships only to Redis)

## Input Formats

The currently supported input sources are:

1. [Logs](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/Logs.md) (files, a.k.a. tailing a file)
2. [Tcp](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/TcpInput.md) (listens on a port for JSON messages)
3. [IISW3C](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/IISW3CInput.md) (Internet Information Services W3C format)
4. [WindowsEvents](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/WindowsEvents.md)

## Filters

The currently supported filters are:

1. [Grok](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/GrokFilter.md)
2. [Mutate](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/MutateFilter.md)
3. [Date](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/DateFilter.md)

## JSON

Since TimberWinR only ships to Redis, the format generated by TimberWinR is JSON. All fields referenced by TimberWinR can be represented as a JSON property or array.

## Supported Output Formats

1. [Redis](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/RedisOutput.md)

## Sample Configuration

TimberWinR reads a JSON configuration file; an example file is shown here:

```json
{
    "TimberWinR": {
        "Inputs": {
            "WindowsEvents": [
                {
                    "source": "System,Application",
                    "binaryFormat": "PRINT",
                    "resolveSIDS": true
                }
            ]
        },
        "Outputs": {
            "Redis": [
                {
                    "host": [
                        "server1.host.com"
                    ]
                }
            ]
        }
    }
}
```

This configuration collects events from the Windows Event Logs (System, Application) and forwards them to Redis.

## Installation as a Windows Service

TimberWinR uses [TopShelf](http://topshelf-project.com/) to install as a service, so all the documentation for installing and configuring the service is shown in the [TopShelf Doc](http://docs.topshelf-project.com/en/latest/). Specifically, the command-line options are listed in the [Topshelf Command-Line Reference](http://docs.topshelf-project.com/en/latest/overview/commandline.html) guide.

Install the service and set it to start automatically:

```
; Install Service (will autostart on reboot)
TimberWinR.ServiceHost.exe install --autostart

; Start the Service
TimberWinR.ServiceHost.exe start
```

To start or stop the service from the command line:

```
TimberWinR.ServiceHost.exe start
TimberWinR.ServiceHost.exe stop
```

Alternatively, you can use the Services Control Panel.

### Usage

```
TimberWinR.ServiceHost.exe [options]

Options:
    -logDir:      Specifies the directory where TimberWinR will write its log file TimberWinR.txt
                  Default is -logDir:"C:\logs"

    -logLevel:    Specifies the logging level for TimberWinR
                  Legal Values: Trace|Debug|Info|Warn|Error|Fatal|Off
                  Default is -logLevel:Info

    -configFile:  Specifies the path to the JSON config files
                  Default is -configFile:default.json
```
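A pre-deployment check for the configuration file described under Sample Configuration, as an added example that is not part of TimberWinR: it parses the JSON and flags unbalanced braces, unknown sections and an empty Redis host list before the service is installed. The function name `lint_config`, the use of the README's input and filter names as config keys, and a `Filters` section name are assumptions; only `Inputs`, `Outputs`, `WindowsEvents`, `Redis` and `host` appear in the sample.

```python
import json

# Names come from the README's lists. Treating them as config keys, and
# "Filters" as the filter section name, is an assumption of this example;
# only "WindowsEvents" and "Redis" appear in the sample configuration.
KNOWN = {
    "Inputs": {"Logs", "Tcp", "IISW3C", "WindowsEvents"},
    "Filters": {"Grok", "Mutate", "Date"},
    "Outputs": {"Redis"},
}

def lint_config(text):
    """Return a list of problems found in a TimberWinR-style config string."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    root = doc.get("TimberWinR") if isinstance(doc, dict) else None
    if not isinstance(root, dict):
        return ['missing top-level "TimberWinR" object']
    problems = []
    for section, entries in root.items():
        if section not in KNOWN:
            problems.append(f"unknown section {section!r}")
            continue
        if not isinstance(entries, dict):
            problems.append(f"{section} must be an object")
            continue
        for name, items in entries.items():
            if name not in KNOWN[section]:
                problems.append(f"unknown {section} entry {name!r}")
            elif not isinstance(items, list) or not items:
                problems.append(f"{section}.{name} must be a non-empty array")
    for required in ("Inputs", "Outputs"):  # an agent needs a source and a sink
        if not root.get(required):
            problems.append(f"no {required} configured")
    outputs = root.get("Outputs")
    redis_items = outputs.get("Redis") if isinstance(outputs, dict) else None
    for redis in redis_items if isinstance(redis_items, list) else []:
        hosts = redis.get("host") if isinstance(redis, dict) else None
        if not (isinstance(hosts, list) and hosts and all(isinstance(h, str) and h for h in hosts)):
            problems.append('Redis output needs a non-empty "host" array of strings')
    return problems

# Constructed sample: the README's configuration with balanced braces.
SAMPLE = """{ "TimberWinR": {
  "Inputs": { "WindowsEvents": [ { "source": "System,Application",
                                  "binaryFormat": "PRINT", "resolveSIDS": true } ] },
  "Outputs": { "Redis": [ { "host": [ "server1.host.com" ] } ] } } }"""
```

Run `lint_config` on the file contents passed to `-configFile:` and treat a non-empty result as a failed check.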