Get Windows Defender logs in Logstash using Winlogbeat

Hi, I'm trying to send Windows Defender logs to Logstash using Winlogbeat. I added
name: Microsoft-Windows-Windows Defender/Operational to the winlogbeat.yml file, but we are not getting any logs related to Defender; we are only getting Microsoft-Windows-Security-Auditing related logs. Do we need to make any other changes other than adding the name in the yml file (restarting Winlogbeat)?

As a test, I would recommend commenting out all other winlogbeat.event_logs and leaving just the Windows Defender one. Then enable logging.level: debug and start up Winlogbeat.

Then take a look at the log file and see what it's doing.
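
The test configuration suggested in the reply above, written out as an added example that is not part of the original thread. The commented-out channel names and the Logstash host are assumptions standing in for whatever the existing winlogbeat.yml contains.

```yaml
# winlogbeat.yml - temporary test configuration (added example)

winlogbeat.event_logs:
  # Channels that were already configured, commented out for the test.
  # These three names are assumed; use the entries from your own file.
  # - name: Security
  # - name: Application
  # - name: System

  # The only active channel. It must be a list item under
  # winlogbeat.event_logs, at the same indentation as the other entries.
  - name: Microsoft-Windows-Windows Defender/Operational

# Debug logging, written to Winlogbeat's log file, so the file shows
# what Winlogbeat does with this channel when it starts.
logging.level: debug
logging.to_files: true

# Placeholder host; keep the output section that is already in use.
output.logstash:
  hosts: ["logstash.example.internal:5044"]
```

Restart Winlogbeat after saving the file, and restore the other channels and the previous logging level once the test is done.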
