I have configured the winlogbeat.yml file to take EventID:4801,4800,4624,4625, but when I am checking on Kibana, it is showing me logs of EventID:4625 and 4624. No logs are getting generated for EventId: 4800 and 4801.
I have attached the Kibana visualisation and screenshot of my winlogbeat.yml file.
Hi,
Which version of Windows are you running?
Do you see those events in Event Viewer?
If so, please share the debug logs of winlogbeat (-d * option)
Hi Adrain,
I am using windows 10. Yeah i am able to see those events in event viewer.
Could you please tell me how to get the debug log?
See the following options:
https://www.elastic.co/guide/en/beats/winlogbeat/current/configuration-logging.html
Use debug log level:
logging.level: debug
And paste your logs or share via private message. Thanks
thanks,
from past two days I am getting the event logs generated for those EventIDs(4801 and 4800) and are getting visualised in my local machine.
I tried to send it to remote server, and as well as to my local machine. But that event is not getting generated in remote server but coming successfully in my local machine.
Could you tell me why, and what should be done.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.