Elastic Endpoint shipping application and service logs

Hi All,

Currently I can not see a way to configure the endpoint agent to collect logs from sub categories of "Applications and Services". Is this something I am missing or a feature that will come in the future ?

Thanks in advance.

Do you mean for Endpoint to only collect events from some processes?

I guess more applications than single processes, although that could be what you were suggesting.
For example if i wanted to collect logs for windows defender I would have to ship;

Application and Service Logs > Microsoft > Windows > Windows Defender

I know you already ship Sysmon logs from the same location as above, but could not see a clear way to ship others using the endpoint agent.

Hi @The1WhoPrtNocks,

The endpoint integration for elastic agent does not collect specific application logs. However, you maybe be able to use our custom log integration to specify the log path.

You can add the integration to your agent via fleet. Will that work for your needs?

Hi @bradenpreston ,

That is exactly what I needed, I am sorry for being that person who raises a question without clearly looking deep enough :slight_smile: .

Not a problem at all. Please let us know if it works out for you.