Issue "LOGSTASH-1747" would be a nice feature! I tested it out, but it didn't work for me.
I've installed the contrib-package and modified the logstash/lib/logstash/input/wmi.rb with the following file content:
While testing my config, an error occurred:
LoadError: load error: win32ole/win32ole – java.lang.UnsatisfiedLinkError: /opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/racob-x86.dll: /opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/racob-x86.dll: invalid ELF header (Possible cause: endianness mismatch)
My conf btw..:
query => "SELECT * FROM Win32_NTLogEvent WHERE (logfile='Application')"
interval => 30
host => "192.168.0.128"
user => "logstash"
password => "test1234"
I changed some dynamic paths into hard paths in /opt/logstash/vendor/bundle/jruby/1.9/gems/jruby-win32ole-0.8.5/lib/jruby-win32ole.rb.
But after doing that and testing my config again, I got another error:
missing class or uppercase package name (`org.racob.com.Dispatch')
What am I doing wrong? :-/
My main aim is remote collection of the Windows event log (over the WMI protocol) on Linux hosts, without the need to install an agent on the Windows target.
Thanks in advance.