Auditbeat on Windows core with sshd

Just installed the first Aufitbeat agent to a Windows server and as this is a Windows Core server access is really only via ssh. Has anyone played with this setup? Auditbeat is reporting, but I'm not seeing sshd login being reported to Elasticsearch.

I'm not sure how to configure Auditbeat on Windows Server to ensure that sshd events are logged.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.