Customization winlogbeat 7.16.2 on windows server

Hello. Tell me how to set it up correctly. There is a server srvlog, it collects all logs from domain controllers (forward event).
How to configure WinLogbeat to send logs received by this server?
My config now:
winlogbeat.event_logs:

  • name: Application
    ignore_older: 72h
  • name: Security
  • name: System

tags: winlogbeat

output.logstash:
hosts: ["192.168.1.4:5044"]

logging.level: info
logging.to_files: true
logging.files:
path: C:/Program Files/Winlogbeat/logs
name: winlogbeat
keepfiles: 7

I need to receive events for authorization and access of AD users

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.