Logstash-forwarder as Windows Service

Darkglow picture Darkglow · Apr 13, 2015 · Viewed 10.3k times · Source

I'm struggling to create a Windows Service for a logstash forwarder on Windows 2008 R2 Server.

My setup looks as follows:

Ubuntu Server 14.04 LTS

  • Elasticsearch
  • Logstash
  • Kibana

Windows Server 2008 R2:

  • Application logging to a certain path.
  • Ship logs to the ELK Stack via Logstash-forwarder

I'm currently shipping logs successfully to the ELK-Stack via Logstash forwarder compiled for Windows using the instructions here... https://github.com/elastic/logstash-forwarder. The only problem is, that I have to run the logstash forwarder in a CLI window, and I'm not able to set it up as a Windows Service.

I've tryed the following SC command, the service is created but the service will not start at all. Just returning the following error: The service did not respond to the start or control request in a timely fashion.

sc create LogstashForwarder binpath= "\"C:\_Logstash\logstash-forwarder.exe\" -config=\"C:\_Logstash\logstash-forwarder.conf\"" start= Auto displayname= "Logstash forwarder" 

Unfortunately Google does not know any answer either.

Does anyone have been able to start the logstash forwarder on Windows as a Windows Service with the SC command? Some good advice will be very appreciated.

Answer

Rys picture Rys · Apr 13, 2015

If your logstash configuration is correct try these steps.

  1. Get nssm soft
  2. Decompress the nssm zip in the bin folder of logstash
  3. Excecute from command line nssm install logstash

  4. Add the path to your bat on the launched config screen

  5. Add your startup directory too.

Here you can get some more help

https://blog.basefarm.com/blog/how-to-install-logstash-on-windows-server-2012-with-kibana-in-iis/

https://github.com/verbosemode/public-notes/blob/master/logstash-windows.md

Hope this help