Customization winlogbeat 7.16.2 on windows server

holpa · January 12, 2022, 5:28am

Hello. Tell me how to set it up correctly. There is a server srvlog, it collects all logs from domain controllers (forward event).
How to configure WinLogbeat to send logs received by this server?
My config now:
winlogbeat.event_logs:

name: Application
ignore_older: 72h
name: Security
name: System

tags: winlogbeat

output.logstash:
hosts: ["192.168.1.4:5044"]

logging.level: info
logging.to_files: true
logging.files:
path: C:/Program Files/Winlogbeat/logs
name: winlogbeat
keepfiles: 7

I need to receive events for authorization and access of AD users

system · February 9, 2022, 5:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No logs being sent by Winlogbeat Beats winlogbeat	0	150	April 22, 2024
Winlogbeat and Reading Log Files Beats winlogbeat	5	4320	April 12, 2016
Winlogbeat service stopped automaticly Beats windows , winlogbeat	3	1081	November 1, 2020
Winlogbeat and Windows Event Fowarder (WEF) Wrong Hostname Beats winlogbeat	3	1175	March 17, 2020
Help needed on winlogbeat Beats winlogbeat	1	277	April 29, 2021

Customization winlogbeat 7.16.2 on windows server

Related Topics