I've been given the task to get our company's log monitoring up and going, so I'm really effing new to this.
I have Security Onion installed - our local firewall is speaking to it fine - which is good.
I have then wanted to install winlogbeat to a local computer (we don't have a server).
I have created the .yml file:

```yaml
winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System

output.elasticsearch:
  hosts:
    - 10.1.1.25:9200

setup.kibana:
  host: "10.1.1.25:5601"

logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: info
```
Can someone direct me to some quality tutorials on how to get the logs working and what settings to set up?
I have run the test against the config file and all seems OK.
Again apologies for being useless.