Help constructing yaml file

Emorta · October 23, 2023, 8:57am

Hello, I'm trying to monitor Windows events (security only) and DHCP event logs (files). The first part works well; logs are collected and shipped, and it has been running for 3 months. I now want to add file logging for DHCP. The log files are located in the paths %windir%\System32\DHCP\DhcpSrvLog-*.log.

However, when I add the following configuration:

filebeat.inputs:

type: log
enabled: true
paths:
- %windir%\System32\DHCP\DhcpSrvLog-*.log
  The service fails to start, and I'm unsure why. The service is running as "Local System."
  should i not be able to run both Windows event logging and File logging in the same yaml file?

carly.richmond · October 23, 2023, 9:25am

Hi @Emorta,

Do you have any errors or warnings in the logs at all?

system · November 20, 2023, 11:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing Windows DHCP Logs with Filebeat Microsoft Module Beats filebeat	4	845	March 4, 2021
Parsing Windows DHCP Logs with Filebeat Microsoft Module Beats beats-module , filebeat	6	3063	December 18, 2020
Windows Dhcp Server logs with Filebeat Beats filebeat	3	1678	September 12, 2019
Filebeat & Windows DHCP Logging Beats filebeat	2	1360	May 22, 2021
Unable to see winlogbeat logs in the analytics discover Beats winlogbeat	1	208	October 14, 2022

Help constructing yaml file

Related topics