Elastic Agent Issues Sending Logs - How much longer we need to wait?

ikbal · September 14, 2021, 6:15am

Hello Elastic,

I believe you know that this issues has been circulated in the wild and it seems that the issues still exist whereby the agent installed is not transporting windows event logs etc to the Elastic. The one can be received is metricbeat and the prevention of ransomware, malware or the logs not even sent to the Elasticsearch.

This is quite disappointing. Been think to bring this forward to the potential client in coming weeks. Can you guys please expedite this issues soonest possible?

Get your backend team to do some research and study more about Velocidex / Velociraptor team URL https://www.velocidex.com/ and they seems more skillful doing stuff related to tls/ssl for https connection to the server and able to retrieve windows logs via https for forensics and remediation.

andrewkroh · September 15, 2021, 12:54pm

Elastic Agent can collect Windows event logs. You need to have a policy applied to the Agent that collects the logs. These are the Fleet integrations related to Windows event logs:

system integration - Reads from Application, Security, and System event logs and maps data to Elastic Common Schema (ECS)
windows integration - Reads from Sysmon, PowerShell, and ForwardedEvents and maps data to ECS.
winlog integration - Custom winlog input to read from any Windows event channel.

system · October 13, 2021, 12:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.