The Graylog prerequisite steps are the same; see the article on configuring Winlogbeat log collection on Windows.

Here the nginx logs are collected with the Filebeat component.

Download: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.17.1-windows-x86_64.zip

Edit the configuration file

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input-specific configurations.

# filestream is an input for collecting log messages from files.
- type: log

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:\nginx-1.24.0\nginx-1.24.0\logs\*.log # nginx log file path

Comment out the Elasticsearch Output section

Configure the Logstash Output

output.logstash:
  # The Logstash hosts
  hosts: ["10.206.0.4:5044"]

Install command

.\install-service-filebeat.ps1

Start command


Start-Service filebeat
Get-Service filebeat

2. Verify collection; the logs have been collected successfully
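
When events do not show up in Graylog, the checks below narrow down which stage of the pipeline is failing. This is an added example, not part of the original article; it assumes it is run from the directory where the Filebeat zip was extracted and that the edited filebeat.yml is in that directory. The log path, host and port are the ones from the configuration above.

```powershell
# Added example: health checks for the nginx -> Filebeat -> Logstash input path.
# Assumption: current directory is the extracted Filebeat folder (filebeat.exe, filebeat.yml).

$logGlob   = 'C:\nginx-1.24.0\nginx-1.24.0\logs\*.log'   # paths entry from filebeat.yml
$beatsHost = '10.206.0.4'                                 # hosts entry from output.logstash
$beatsPort = 5044

$results = [ordered]@{}

# 1. The glob in filebeat.yml must match at least one file, otherwise nothing is harvested.
$files = @(Get-ChildItem -Path $logGlob -ErrorAction SilentlyContinue)
$results['nginx log files match glob'] = $files.Count -gt 0
$files | Select-Object Name, Length, LastWriteTime | Format-Table | Out-Host

# 2. Syntax and option check of the edited configuration file.
& .\filebeat.exe test config -c .\filebeat.yml | Out-Host
$results['filebeat.yml is valid'] = $LASTEXITCODE -eq 0

# 3. Filebeat's own connection test against the configured output.
#    This fails if the Elasticsearch output was left enabled next to Logstash,
#    because only one output may be active at a time.
& .\filebeat.exe test output -c .\filebeat.yml | Out-Host
$results['output test passes'] = $LASTEXITCODE -eq 0

# 4. Independent TCP check, to tell a firewall or routing problem from a Filebeat problem.
$tcp = Test-NetConnection -ComputerName $beatsHost -Port $beatsPort -WarningAction SilentlyContinue
$results["TCP $beatsHost`:$beatsPort reachable"] = [bool]$tcp.TcpTestSucceeded

# 5. The service installed by install-service-filebeat.ps1 must be running.
$svc = Get-Service -Name filebeat -ErrorAction SilentlyContinue
$results['filebeat service running'] = ($null -ne $svc) -and ($svc.Status -eq 'Running')

# Summary: one line per check, non-zero exit code if any check failed.
$results.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if (@($results.Values) -contains $false) { exit 1 }
```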