TimberWinR
A Native Windows to Redis Logstash Agent which runs as a service.
Why have TimberWinR?
TimberWinR is a native .NET implementation utilizing Microsoft's LogParser. This means no JVM/JRuby is required, and LogParser does all the heavy lifting. TimberWinR collects the data from LogParser and ships it to Logstash via Redis.
Basics
TimberWinR uses a configuration file to control how the logs are collected, filtered and shipped off.
These are broken down into:
- Inputs (Collect data from different sources)
- Filters (Are applied to all Inputs)
- Outputs (Currently ships only to Redis)
Input Formats
The current supported Input format sources are:
- Logs (Files, a.k.a Tailing a file)
- Tcp (listens on a port for JSON messages)
- IISW3C (Internet Information Services W3C Format)
- WindowsEvents
Filters
The current list of supported filters are:
JSON
Since TimberWinR only ships to Redis, the format generated by TimberWinR is JSON. All fields referenced by TimberWinR can be represented as a JSON Property or Array.
Supported Output Formats
- Redis
Sample Configuration
TimberWinR reads a JSON configuration file, an example file is shown here:
{
"TimberWinR": {
"Inputs": {
"WindowsEvents": [
{
"source": "System,Application",
"binaryFormat": "PRINT",
"resolveSIDS": true
}
]
},
"Outputs": {
"Redis": [
{
"host": [
"server1.host.com"
]
}
]
}
}
This configuration collects Events from the Windows Event Logs (System, Application) and forwards them to Redis.