I am starting to test SIEM (v7.4.1) and have come across a bit of trouble enabling Netflow in Filebeat.
I need to do a configuration in Linux (CentOS 7) and Windows Server environments.
I can get the Filebeat service up, but it doesn't send any logs to Elasticsearch.
I already tested the config and it returns OK.
I suppose that might be the way I'm addressing the logs, in this case the paths I'm using are these:
- C:\Windows\System32\winevt\Logs\Security
- C:\Windows\System32\winevt\Logs\Application
- /var/log/*.log
- /var/log/messages
Can you tell me if these are right?
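For comparison, here is an added example `filebeat.yml` (not from the original post) that enables the Filebeat 7.x netflow input alongside a plain log input. It assumes the flow exporters send to UDP port 2055 on the Filebeat host and that Elasticsearch and Kibana run locally on their default ports; adjust those values for your environment.

```yaml
# Added example filebeat.yml (not from the original post).
# Assumptions: exporters send NetFlow/IPFIX to UDP 2055 on this host;
# Elasticsearch on localhost:9200, Kibana on localhost:5601.
filebeat.inputs:
  # NetFlow is received over the network, not read from files on disk.
  - type: netflow
    enabled: true
    host: "0.0.0.0:2055"          # address:port the routers/switches export to
    protocols: [v5, v9, ipfix]    # flow record versions to accept
    max_message_size: 10KiB
    expiration_timeout: 30m       # forget v9/IPFIX templates not refreshed in this window
    queue_size: 8192              # packets buffered while waiting for templates

  # Plain-text Linux logs can be tailed by the log input.
  # The Windows paths in the post point at binary .evtx files, which the
  # log input cannot parse; Security/Application logs are Winlogbeat's job.
  - type: log
    enabled: true
    paths:
      - /var/log/*.log
      - /var/log/messages

setup.kibana:
  host: "localhost:5601"

output.elasticsearch:
  hosts: ["localhost:9200"]
```

After starting the service, `filebeat test output` confirms Elasticsearch is reachable, and a capture on UDP 2055 (for example with `tcpdump -ni any udp port 2055`) confirms whether any flow packets are actually arriving at the host.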