Customization winlogbeat 7.16.2 on windows server

Hello. Tell me how to set it up correctly. There is a server srvlog, it collects all logs from domain controllers (forward event).
How to configure WinLogbeat to send logs received by this server?
My config now:

  • name: Application
    ignore_older: 72h
  • name: Security
  • name: System

tags: winlogbeat

hosts: [""]

logging.level: info
logging.to_files: true
path: C:/Program Files/Winlogbeat/logs
name: winlogbeat
keepfiles: 7

I need to receive events for authorization and access of AD users

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.