Configuring sidelong with winbeat for Graylog

• Now, we want to use sidecar to log events for a specific computer and to link it with graylog. First, we need to create a new beat in graylog named winlogbeat. Use the defaults, and allow the default port (5044/tcp) through your log servers firewall. Now, in graylog, create a token for your sidecar in the sidecar overview page. Save this for later.

• Next, we need to install sidecar on the host system we want to collect data from. We do this by using the command below to download sidecar and install it on our system. Ensure we download this in a new folder.

• wget https://sidecardownload -o sidecar.exe

• Next, we use these commands below to enable sidecar, and start the service.

• Once this is done, we need to create a new collector for this sidecar. Name and choose a color for this collector, and choose the config for winlogbeat on windows. In this configuration, be sure to change the output host to your log server. Update the configuration and ensure the sidecar is running, and you are finished.