Collecting Windows Logs to CLS

Cloud Log Service

Release Notes and Announcements

Release Notes

Announcements

Upgrading Existing LogListener Instances

Product Introduction

Limits

Log Collection

Shipping and Consumption

Concepts

Purchase Guide

Pay-as-You-Go

Pay-As-You-Go Examples

Billing

Cleaning up CLS resources

Cost Optimization

FAQs

Getting Started

Getting Started Guide

Quickly Trying out CLS with Demo

Operation Guide

Resource Management

Logset

Log Topic

Metric topic

Topic Usage Monitoring

Machine Group Management

Permission Management

Sub-Account Authorization

Authorizable Resource Types

Access Policy Templates

Log Collection

Collection Overview

Collection by LogListener

LogListener Use Process

LogListener Installation and Deployment

LogListener Installation Guide(Linux)

Batch Deploying LogListener in CVM and Lighthouse

Installing LogListener in Self-built Kubernetes Cluster

LogListener Upgrade Guide

LogListener Service Logs

Importing LogListener Collection Configuration

LogListener Updates

Collecting Text Log

Full Text in a Single Line

Full Text in Multi Lines

Full Regular Expression (Single-Line)

Full Regular Expression (Multi-Line)

JSON Format

Separator Format

Combined Parsing Format

Configuring the Time Format

Collecting Logs in Self-Built Kubernetes Cluster

Configuring Log Collection in Self-Built Kubernetes Cluster in the Console

Configuring Log Collection in Self-Built Kubernetes Cluster via CRD

Collecting Syslog

Uploading Log over Kafka

Uploading Logs via Anonymous Write

Uploading Logs via Logback Appender

Uploading Logs via Log4j Appender

Uploading Log via SDK

Uploading Log via API

Importing Data

Importing COS Data

Tencent Cloud Service Log Access

Metric Collection

Metrics Reporting

Log Storage

Storage Class Overview

Data Encryption

Metric Storage

Metric Storage Overview

Compatible with Prometheus API

Metric Pre-aggregation

Search and Analysis (Log Topic)

Search and Analysis (Metric Topic)

Syntax Rules

Dashboard

Data Processing documents

Shipping and Consumption

Shipping Overview

CLS Service Role Authorization

Shipping to COS

JSON Shipping

Raw Log Shipping

Shipping Task Management

Shipping to CKafka

Creating Shipping Task

Shipping to ES

Dumping to ES Through SCF

Log Shipping

Consumption over Kafka

Customized Consumption

Metric Topic Shipping

Monitoring Alarm

Monitoring Alarm Overview

Managing Alarm Policies

Configuring Alarm Policies

Trigger Condition Expression

Channels to Receive Alarm Notifications

Receiving Alarm Notifications via SMS and Phone

Custom Callback APIs

Managing Notification Groups

Alarm Notification Variable

Viewing Alarm Records

Alarm Silence

Cloud Insight

Overview of Cloud Insight

Historical Documentation

Operation guide of earlier LogListener versions

Troubleshooting earlier LogListener versions

Practical Tutorial

Log Collection

Collecting Windows Logs to CLS

Collect/Query Host File Logs

Search and Analysis

CLB Access Log Analysis

NGINX Access Log Analysis

CDN Access Log Analysis

COS Access Log Analysis

CCN Flow Log Analysis

TKE Event Log Analysis

TKE Audit Log Analysis

Dashboard

Migrating the ES data source of Grafana to the CLS data source

Monitoring Alarm

Setting Alarm Trigger Conditions by Time Period

Setting Interval-Valued Comparison and Periodically-Valued Comparison as Alarm Trigger Conditions

Shipping and Consumption

Consumption of CLS Log with Flink

Using DLC (Hive) to Analyze CLS Log

Developer Guide

Embedding CLS Console

CLS Connection to Grafana

API Documentation

Making API Requests

Topic Management APIs

Log Set Management APIs

Index APIs

Topic Partition APIs

Machine Group APIs

DescribeMachineGroups

DescribeMachines

AddMachineGroupInfo

DeleteMachineGroupInfo

Collection Configuration APIs

ApplyConfigToMachineGroup

DeleteConfigFromMachineGroup

DescribeConfigMachineGroups

DescribeMachineGroupConfigs

Log APIs

Metric APIs

Alarm Policy APIs

DescribeAlertRecordHistory

Data Processing APIs

DescribeDataTransformInfo

ModifyDataTransform

Kafka Protocol Consumption APIs

CloseKafkaConsumer

ModifyKafkaConsumer

OpenKafkaConsumer

DescribeKafkaConsumer

CKafka Shipping Task APIs

Kafka Data Subscription APIs

DescribeKafkaRecharges

CheckRechargeKafkaServer

COS Shipping Task APIs

SCF Delivery Task APIs

CreateDeliverCloudFunction

Scheduled SQL Analysis APIs

DeleteScheduledSql

DescribeScheduledSqlInfo

CreateScheduledSql

ModifyScheduledSql

COS Data Import Task APIs

SearchCosRechargeInfo

FAQs

Health Check

Index Configuration

Log Upload

Collection

Machine Group Exception

LogListener FAQs

LogListener Installation Exception

Container Log Collection

Self-Built Kubernetes Log Collection Troubleshooting Guide

Log Search

Log Search Failure

Search Analysis Error

Others

CLS Service Level Agreement

CLS Policy

Data Processing And Security Agreement

Glossary

DocumentationCloud Log ServicePractical TutorialLog CollectionCollecting Windows Logs to CLS

Collecting Windows Logs to CLS

Download PDF

Last updated: 2024-01-20 17:28:40

Collecting Windows Logs to CLS

Last updated: 2024-01-20 17:28:40

Download PDF

Overview
This document describes how to use Winlogbeat or Filebeat to collect and upload Windows logs to CLS.
Prerequisites
You have activated CLS and created relevant resources such as logset and log topic.
You have obtained the SecretId and SecretKey in the Tencent Cloud console.
Directions
Using Winlogbeat to collect and upload Windows event logs to CLS
Installing Winlogbeat
1. Download the target Winlogbeat version at the official website.
This document takes Winlogbeat 7.6.2 as an example, which can be downloaded here.
2. Decompress the downloaded package to the C drive.
We recommend you create a winlogbeat folder under the Program Files directory for decompression.
3. Open PowerShell as the admin and run the following command:
cd C:\Program Files
cd .\winlogbeat-7.6.2-windows-x86_64
.\install-service-winlogbeat.ps1
During execution, if an error is reported, enter the Set-ExecutionPolicy -ExecutionPolicy RemoteSigned command and select y. Then, enter the above command again.
﻿
﻿
﻿
4. Run the following command to test whether the environment is normal.
.\winlogbeat.exe test config -c .\winlogbeat.yml -e
If config OK is returned, the environment is normal.
5. Run the following command to start the program.
Start-Service winlogbeat
Uploading logs to CLS
In the winlogbeat.yml file in C:\Program Files\Winlogbeat, change output.kafka to the following to send logs to CLS.
output.kafka:
  enabled: true
  hosts: ["${region}-producer.cls.tencentyun.com:9095"] # TODO: Service address. The public network port is 9096, and the private network port is 9095.
  topic: "${topicID}" #  TODO: Topic ID
  version: "0.11.0.2"
  compression: "${compress}"   # Configure the compression method. Valid values: `gzip`, `snappy`, `lz4`.
  username: "${logsetID}"
  password: "${SecurityId}#${SecurityKey}"
Parameter
Description
LinkType
Currently, SASL_PLAINTEXT is supported.
hosts
Address of the initially connected cluster. For more information, see Service Entries.
topic
Log topic ID, such as 76c63473-c496-466b-XXXX-XXXXXXXXXXXX.
username
Logset ID, such as 0f8e4b82-8adb-47b1-XXXX-XXXXXXXXXXXX.
password
Password in the format of ${SecurityId}#${SecurityKey}, such as XXXXXXXXXXXXXX#YYYYYYYY.
Using Filebeat to collect Windows file logs
Installing Filebeat
1. Download the target version here.
2. Upload and decompress the installation package to the root directory of a drive on the Windows server.
3. Edit the filebeat.yml file.
Note: 
Use "/" rather than "&quot; in paths.
4. Find the target log path and edit the module configuration file (with mssql as an example below).
# Module: mssql
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.3/filebeat-module-mssql.html
- module: mssql
# Fileset for native deployment
log:
enabled: true
 # Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["D:/Program Files/Microsoft SQL Server/MSSQL10_50.MSSQLSERVER/MSSQL/Log/ERROR*"]
5. Open PowerShell as the admin and run the following command:
# Enter the specific Filebeat path
cd c:/filebeat
﻿
# Run the installation script to install Filebeat
.\install-service-filebeat.ps1
﻿
# Start the mssql module
.\filebeat.exe modules enable mssql
﻿
# Install the template file
.\filebeat.exe setup -e
﻿
# Start Filebeat
start-service filebeat
Uploading logs to CLS
In the filebeat.yml file, change output.kafka to the following to send logs to CLS:
output.kafka:
  enabled: true
  hosts: ["${region}-producer.cls.tencentyun.com:9095"] # TODO: Service address. The public network port is 9096, and the private network port is 9095.
  topic: "${topicID}" #  TODO: Topic ID
  version: "0.11.0.2"
  compression: "${compress}"   # Configure the compression method. Valid values: `gzip`, `snappy`, `lz4`.
  username: "${logsetID}"
  password: "${SecurityId}#${SecurityKey}"
Parameter
Description
LinkType
Currently, SASL_PLAINTEXT is supported.
hosts
Address of the initially connected cluster. For more information, see Service Entries.
topic
Log topic ID, such as 76c63473-c496-466b-XXXX-XXXXXXXXXXXX.
username
Logset ID, such as 0f8e4b82-8adb-47b1-XXXX-XXXXXXXXXXXX.
password
Password in the format of ${SecurityId}#${SecurityKey}, such as XXXXXXXXXXXXXX#YYYYYYYY.
Service Entries
Region
Network Type
Port Number
Service Entry
Guangzhou
Private network
9095
gz-producer.cls.tencentyun.com:9095
﻿
Public network
9096
gz-producer.cls.tencentcs.com:9096
Note: 
This document uses the Guangzhou region as an example. The private and public domain names are identified by different ports. For other regions, replace the address prefixes. For more information, see here.
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Parameter	Description
LinkType	Currently, SASL_PLAINTEXT is supported.
hosts	Address of the initially connected cluster. For more information, see Service Entries.
topic	Log topic ID, such as 76c63473-c496-466b-XXXX-XXXXXXXXXXXX.
username	Logset ID, such as 0f8e4b82-8adb-47b1-XXXX-XXXXXXXXXXXX.
password	Password in the format of `${SecurityId}#${SecurityKey}`, such as XXXXXXXXXXXXXX#YYYYYYYY.

Region	Network Type	Port Number	Service Entry
Guangzhou	Private network	9095	gz-producer.cls.tencentyun.com:9095
Guangzhou		Public network	9096	gz-producer.cls.tencentcs.com:9096

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center