Skip to content

hochwald.net Posts

Ship Windows event logs with Winlogbeat

As I mentioned before, I use use Graylog to centrally capture and store many logfiles. I collect and ship logfiles from many systems, like Linux servers and network elements, which is easy with Syslog. But I also have some Windows systems, and I want to have the event logs collected and shipped to my Graylog server.

I used the NXLog Community Edition for a long time to do that! And NXLog did an excellent job! But there was on drawback: NXLog required me to use a dedicated configuration for each system, what I did with included. I couldn’t establish a universal “one size fits all” configuration approach. Then I found Winlogbeat from elastic!

And with Winlogbeat I was able to create a universal config that I can initially deploy to all Windows based servers! Yes, there are still some tweaks that you might want for each system (based on the role and use case of the system), but the universal approach worked very well for me.

CentOS Project shifts focus to CentOS Stream, is it time to panic?

In September 2019, IBM-owned Red Hat announced CentOS Stream. It is a rolling release version of CentOS.

Doesn’t sound like a big deal, but CentOS Stream is no longer a full-blown clone of the very stable Red Hat Enterprise Linux (RHEL), the development is now a parallel thing, and the upstream is now Fedora and not RHEL.

Invoke-WebRequest and Invoke-RestMethod get (401) Unauthorized without any reason

I use PowerShell to access a lot of API’s! Since a while some calls that are correct get the error: “The remote server returned an error: (401) Unauthorized.”.

In my case, this was only the case when I used Windows PowerShell (e.g., PowerShell 5.x)! PowerShell Core (7.x) worked fine.