TerribleDev/TimberWinR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
100 Commits 22 Branches 2 Tags
06874e7b4283347303647790b4a1764b0dd6b7ee
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Eric Fontana 06874e7b42 Cleanup and more doc changes.
2014-07-31 08:07:30 -04:00
.nuget
Initial Checkin
2014-07-15 09:22:34 -04:00
mdocs
more doc
2014-07-30 07:49:05 -04:00
packages
Finished up log tailing.
2014-07-22 10:26:04 -04:00
TimberWinR
Cleanup and more doc changes.
2014-07-31 08:07:30 -04:00
TimberWinR.ServiceHost
Cleanup and more doc changes.
2014-07-31 08:07:30 -04:00
TimberWinR.UnitTests
restructure docs
2014-07-30 07:55:07 -04:00
.gitattributes
Initial Checkin
2014-07-15 09:22:34 -04:00
.gitignore
Initial Checkin
2014-07-15 09:22:34 -04:00
LICENSE.txt
Implemented DateFilter, added License
2014-07-22 11:39:32 -04:00
Package.nuspec
Nuget version
2014-07-30 10:58:23 -04:00
README.md
Cleanup and more doc changes.
2014-07-31 08:07:30 -04:00
TimberWinR.sln
Added logs doc
2014-07-30 08:25:10 -04:00

README.md

TimberWinR

A Native Windows to Redis Logstash Agent which runs as a service.

Why have TimberWinR?

TimberWinR is a native .NET implementation utilizing Microsoft's LogParser. This means no JVM/JRuby is required, and LogParser does all the heavy lifting. TimberWinR collects the data from LogParser and ships it to Logstash via Redis.

Basics

TimberWinR uses a configuration file to control how the logs are collected, filtered and shipped off.
These are broken down into:

  1. Inputs (Collect data from different sources)
  2. Filters (Are applied to all Inputs)
  3. Outputs (Currently ships only to Redis)

Input Formats

The current supported Input format sources are:

  1. Logs (Files, a.k.a Tailing a file)
  2. Tcp (listens on a port for JSON messages)
  3. IISW3C(Internet Information Services W3C Format)
  4. WindowsEvents

Filters

The current list of supported filters are:

  1. Grok
  2. Mutate
  3. Date

JSON

Since TimberWinR only ships to Redis, the format generated by TimberWinR is JSON. All fields referenced by TimberWinR can be represented as a JSON Property or Array.

Supported Output Formats

  1. Redis

Sample Configuration

TimberWinR reads a JSON configuration file, an example file is shown here:

{
"TimberWinR": {
    "Inputs": {
        "WindowsEvents": [
            {
                "source": "System,Application",
                "binaryFormat": "PRINT",
                "resolveSIDS": true
            }
        ]
    },
    "Outputs": {
        "Redis": [
            { 
                "host": [
                    "server1.host.com"
                ]
            }
        ]
    }
}

This configuration collects Events from the Windows Event Logs (System, Application) and forwards them to Redis.

Installation as a Windows Service

TimberWinR uses TopShelf to install as a service, so all the documentation for installing and configuring the service is show here TopShelf Doc

Specifically the command line options are listed here in Topshelf Command-Line Reference guide.

Install and set to Automatically Start the service:

; Install Service (will autostart on reboot)
TimberWinR.ServiceHost.exe install --autostart
; Start the Service
TimberWinR.ServiceHost.exe start

To Start/Stop the Service from the Command Line

TimberWinR.ServiceHost.exe start
TimberWinR.ServiceHost.exe stop

Alternatively you can use the Services Control Panel.

Usage

Reference in New Issue View Git Blame Copy Permalink
Description
A First-class Native Windows to Redis/Elasticsearch Logstash Agent utilizing Microsoft's LogParser
Readme 32 MiB
Languages
C# 100%