Hello. Tell me how to set it up correctly. There is a server, srvlog, that collects all logs from the domain controllers (forwarded events).
How do I configure Winlogbeat to send the logs received by this server?
My config now:
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System
tags: winlogbeat
output.logstash:
  hosts: ["192.168.1.4:5044"]
logging.level: info
logging.to_files: true
logging.files:
  path: C:/Program Files/Winlogbeat/logs
  name: winlogbeat
  keepfiles: 7
I need to receive events for authorization and access of AD users.