Hello. Tell me how to set it up correctly. There is a server srvlog, it collects all logs from domain controllers (forward event).
How to configure WinLogbeat to send logs received by this server?
My config now:
- name: Application
- name: Security
- name: System
path: C:/Program Files/Winlogbeat/logs
I need to receive events for authorization and access of AD users