Send data via MSMQ to your Logstash instance provided by Logit.io

MSMQ

Ship MSMQ application logs to logstash.

Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. Applications send messages to queues and read messages from queues. The following illustration shows how a queue can hold messages that are generated by multiple sending applications and read by multiple receiving applications. Understand how MSMQ is performing by shipping logs and errors to Logstash.

Step 1 - Enable File Logging

This tutorial was created using MS Server 2016 and the setup may vary for other versions.
  1. Open up the Performance Monitor app - You can do a windows search for "perfm" or navigate through Administrative Tools > Performance

  2. From the tree in the left-hand side panel expand as follows:

    Performance > Data Collector Sets > User Defined

  3. Right-click "User Defined" and select New > Data Collector Set from the context menu.

  4. Enter the name you wish to give to your set, select "Create Manually (Advanced)" and click "Next".

  5. Select Create data logs > Performance counter and click "Next".

  6. Click the "Add" button and the Counters window will open. On the left-hand side select your computer and from the list below select "MSMQ Queue". Click the "Add" button and "MSMQ Queue" will move over to the right-hand side. Click "OK".

You may want to select more from the list than just "MSMQ Queue". This example simply describes a basic setup to help you get your logs from MSMQ to Logstash.
  1. You will see that "MSMQ Queue" has been added to "Performance counters". Below this box you can change the logging interval. It is set at 15 seconds by default. Click "Next" after reviewing and making any changes if necessary.

  2. Here you can change the location of where the log files will be saved. Leave as is and click "Next" if you are happy with the default location given.

Leaving the default whilst creating this example placed the folder and files at C:\PerfLogs\Admin
  1. Click "Finish" to save and close.

  2. You will see that your new set has been added to the tree under "User Defined". Click your new set and you will see a performance counter in the panel on the right-hand side called "DataCollector01". Right-click this and select "Properties".

  3. Change the Log format to "Comma Separated", click "Apply" and then click "OK".

  4. Right-click your new set in the tree on the right-hand side and select "Start". A csv file will now be created at the location that you stated during the setup. Logs are added to this file at the interval that you requested.

Step 2 - Ship MSMQ Logs using Filebeat

You can now point Filebeat at the folder containing your log file and the data will be ingested. Click here for instructions on how to setup Filebeat.

Remember when following the link above that in the "Step 3 - Configure the prospectors" part of the Filebeat guide that the path is the folder that contains your MSMQ logs. In the example above the path would be C:\PerfLogs\Admin and then in here the folder that you created.

expand view

Expand View

compact view

Compact View

Return to Search
Sign Up