TimberWinR
==========
A native Windows-to-Redis Logstash agent which runs as a service.

## Why have TimberWinR?
TimberWinR is a native .NET implementation utilizing Microsoft's [LogParser](http://technet.microsoft.com/en-us/scriptcenter/dd919274.aspx). This means no JVM/JRuby is required, and LogParser does all the heavy lifting. TimberWinR collects the data from LogParser and ships it to Logstash via Redis.

## Basics
TimberWinR uses a configuration file to control how the logs are collected, filtered and shipped off. These are broken down into:

1. Inputs (collect data from different sources)
2. Filters (applied to all Inputs)
3. Outputs (currently ships only to Redis)

## Input Formats
The currently supported input sources are:

1. Logs (files, a.k.a. tailing a file)
2. Tcp (listens on a port for JSON messages)
3. IISW3C (Internet Information Services W3C format)
4. [WindowsEvents](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/WindowsEvents.md)

## Filters
The currently supported filters are:

1. [Grok](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/GrokFilter.md)
2. [Mutate](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/MutateFilter.md)
3. [Date](https://github.com/efontana/TimberWinR/blob/master/TimberWinR/mdocs/DateFilter.md)

## JSON
Since TimberWinR only ships to Redis, the format generated by TimberWinR is JSON. All fields referenced by TimberWinR can be represented as a JSON Property or Array.

## Supported Output Formats
- Redis

## Sample Configuration
TimberWinR reads a JSON configuration file. An example file is shown here:

```json
{
    "TimberWinR": {
        "Inputs": {
            "WindowsEvents": [
                {
                    "source": "System,Application",
                    "binaryFormat": "PRINT",
                    "resolveSIDS": true
                }
            ]
        },
        "Outputs": {
            "Redis": [
                {
                    "host": [
                        "server1.host.com"
                    ]
                }
            ]
        }
    }
}
```

This configuration collects events from the Windows Event Logs (System, Application) and forwards them to Redis.
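
A pre-deployment check for a configuration file shaped like the sample above, as an added example that is not part of TimberWinR: it reports where the JSON fails to parse and whether at least one input section and one Redis host are defined. The function name `lint_config` is hypothetical, and treating the names in the "Input Formats" list as configuration keys is an assumption (the sample only confirms `WindowsEvents`).

```python
import json

# Assumption: input section keys mirror the README's "Input Formats" list;
# only "WindowsEvents" is confirmed as a config key by the sample.
KNOWN_INPUTS = {"Logs", "Tcp", "IISW3C", "WindowsEvents"}


def lint_config(text):
    """Return a list of problems in a TimberWinR-style config (empty if none)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    root = doc.get("TimberWinR") if isinstance(doc, dict) else None
    if not isinstance(root, dict):
        return ['top-level "TimberWinR" object is missing']

    problems = []
    inputs = root.get("Inputs")
    if not isinstance(inputs, dict) or not inputs:
        problems.append('"Inputs" must be an object with at least one section')
    else:
        for name, entries in inputs.items():
            if name not in KNOWN_INPUTS:
                problems.append(f'unrecognized input section "{name}"')
            if not isinstance(entries, list) or not entries:
                problems.append(f'input section "{name}" must be a non-empty array')

    outputs = root.get("Outputs")
    redis = outputs.get("Redis") if isinstance(outputs, dict) else None
    if not isinstance(redis, list) or not redis:
        problems.append('"Outputs.Redis" must be a non-empty array')
    else:
        for i, entry in enumerate(redis):
            hosts = entry.get("host") if isinstance(entry, dict) else None
            if not (isinstance(hosts, list) and hosts
                    and all(isinstance(h, str) and h for h in hosts)):
                problems.append(f'Redis output {i} needs a non-empty "host" array of strings')
    return problems


# Constructed sample: the README's configuration, and a copy missing its last brace.
SAMPLE = """{
  "TimberWinR": {
    "Inputs": {"WindowsEvents": [{"source": "System,Application",
                                  "binaryFormat": "PRINT", "resolveSIDS": true}]},
    "Outputs": {"Redis": [{"host": ["server1.host.com"]}]}
  }
}"""
TRUNCATED = SAMPLE[:-1]

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("truncated", TRUNCATED)):
        print(label, lint_config(text) or "ok")
```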