MSMQ

Ship MSMQ application logs to Logstash

Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline.

Applications send messages to queues and read messages from queues. Get started with MSMQ logging by following our configuration example which shows how a queue can hold messages that are generated by multiple sending applications and read by multiple receiving applications.

Logs

Install Integration

Please click on the Install Integration button to configure your stack for this source.

Enable File Logging

⚠️

This tutorial was created using MS Server 2016 and the setup may vary for other versions.

  • Open up the Performance Monitor app - You can do a windows search for "perfm" or navigate through Administrative Tools > Performance
  • From the tree in the left-hand side panel expand as follows:

Performance > Data Collector Sets > User Defined

  • Right-click "User Defined" and select New > Data Collector Set from the context menu.
  • Enter the name you wish to give to your set, select "Create Manually (Advanced)" and click "Next".
  • Select Create data logs > Performance counter and click "Next".
  • Click the "Add" button and the Counters window will open. On the left-hand side select your computer and from the list below select "MSMQ Queue". Click the "Add" button and "MSMQ Queue" will move over to the right-hand side. Click "OK".

You may want to select more from the list than just "MSMQ Queue". This configuration simply describes a basic setup to help you get your logs from MSMQ to Logstash.

  • You will see that "MSMQ Queue" has been added to "Performance counters". Below this box you can change the logging interval. It is set at 15 seconds by default. Click "Next" after reviewing and making any changes if necessary.
  • Here you can change the location of where the log files will be saved. Leave as is and click "Next" if you are happy with the default location given.

Leaving the default whilst creating this example placed the folder and files at C:\PerfLogs\Admin

  • Click "Finish" to save and close.
  • You will see that your new set has been added to the tree under "User Defined". Click your new set and you will see a performance counter in the panel on the right-hand side called "DataCollector01". Right-click this and select "Properties".
  • Change the Log format to "Comma Separated", click "Apply" and then click "OK".
  • Right-click your new set in the tree on the right-hand side and select "Start". A csv file will now be created at the location that you stated during the setup. Logs are added to this file at the interval that you requested.

Ship MSMQ Logs using Filebeat

You can now point Filebeat at the folder containing your log file and the data will be ingested.

Remember when following the link above that in the "Step 3 - Configure the prospectors" part of the Filebeat guide that the path is the folder that contains your MSMQ logs. In the example above the path would be C:\PerfLogs\Admin and then in here the folder that you created.

Check Logit.io for your logs

Data should now have been sent to your Stack.

View My Data

If you don't see take a look at How to diagnose no data in Stack below for how to diagnose common issues.

How to diagnose no data in Stack

If you don't see data appearing in your stack after following this integration, take a look at the troubleshooting guide for steps to diagnose and resolve the problem or contact our support team and we'll be happy to assist.