Step 1 - Enable logging to file from MSMQ
This tutorial was created using MS Server 2016 and the setup may vary for other versions.
  1. Open up the Performance Monitor app - You can do a windows search for "perfm" or navigate through Administrative Tools > Performance

  2. From the tree in the left-hand side panel expand as follows:

    Performance > Data Collector Sets > User Defined

  3. Right-click "User Defined" and select New > Data Collector Set from the context menu.

  4. Enter the name you wish to give to your set, select "Create Manually (Advanced)" and click "Next".

  5. Select Create data logs > Performance counter and click "Next".

  6. Click the "Add" button and the Counters window will open. On the left-hand side select your computer and from the list below select "MSMQ Queue". Click the "Add" button and "MSMQ Queue" will move over to the right-hand side. Click "OK".

You may want to select more from the list than just "MSMQ Queue". This example simply describes a basic setup to help you get your logs from MSMQ to Logstash.
  1. You will see that "MSMQ Queue" has been added to "Performance counters". Below this box you can change the logging interval. It is set at 15 seconds by default. Click "Next" after reviewing and making any changes if necessary.

  2. Here you can change the location of where the log files will be saved. Leave as is and click "Next" if you are happy with the default location given.

Leaving the default whilst creating this example placed the folder and files at C:\PerfLogs\Admin
  1. Click "Finish" to save and close.

  2. You will see that your new set has been added to the tree under "User Defined". Click your new set and you will see a performance counter in the panel on the right-hand side called "DataCollector01". Right-click this and select "Properties".

  3. Change the Log format to "Comma Separated", click "Apply" and then click "OK".

  4. Right-click your new set in the tree on the right-hand side and select "Start". A csv file will now be created at the location that you stated during the setup. Logs are added to this file at the interval that you requested.

Step 2 - Ship MSMQ logs using Filebeat

You can now point Filebeat at the folder containing your log file and the data will be ingested. Click here for instructions on how to setup Filebeat.

Remember when following the link above that in the "Step 3 - Configure the prospectors" part of the Filebeat guide that the path is the folder that contains your MSMQ logs. In the example above the path would be C:\PerfLogs\Admin and then in here the folder that you created.

Ready to get going?

Try our 14 day free trial

No commitment and no catches

Create Free Trial