configuration : most are the defaults. just the output for logstash.
- name: Application
- name: Security
- name: System
In this way, the winlogbeat.exe can be started without getting any messages from Security. if Application and System are removed, then the winlogbeat will not be started.
But , in windows2008, the winlogbeat.exe can be started in both ways, and the three kinds of logs can be got.
Can anyone help?