Error monitoring Windows folders recursively

FatalGlitch · April 14, 2020, 11:24pm

Config excerpt is below:

#path.home:
path.config: ${path.home}/fim/conf
path.data: ${path.home}/fim/data
path.logs: ${path.home}/logs
keystore.path: "${path.config}/fim.keystore"

auditbeat.config.modules:
  path: ${path.config}/conf.d/*.yml
  reload.period: 10s
  reload.enabled: true

auditbeat.max_start_delay: 10s

auditbeat.modules:
- module: file_integrity
  paths:
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)

  exclude_files:
  - '(?i)\.lnk$'
  - '(?i)\.swp$'

  scan_at_start: true
  scan_rate_per_sec: 50 MiB
  max_file_size: 100 MiB
  hash_types: [sha1]
  recursive: true

Topic		Replies	Views
Auditbeat // File intergrity // Windows / GetFileAttributes: Access is denied Beats auditbeat	6	737	November 4, 2022
Auditbeat on windows for FIM Beats auditbeat	4	1081	November 19, 2018
Windows FIM Module - how to use custom path without recursive Beats auditbeat	1	337	December 29, 2023
Only one log is output from auditbeat Beats auditbeat	4	376	October 5, 2022
Auditbeat not capturing Windows failure events Beats auditbeat	4	1383	March 14, 2019

Error monitoring Windows folders recursively

Related topics