Hello, I'm trying to monitor Windows events (security only) and DHCP event logs (files). The first part works well; logs are collected and shipped, and it has been running for 3 months. I now want to add file logging for DHCP. The log files are located in the paths %windir%\System32\DHCP\DhcpSrvLog-*.log.
However, when I add the following configuration:
filebeat.inputs:
- type: log
enabled: true
paths:- %windir%\System32\DHCP\DhcpSrvLog-*.log
The service fails to start, and I'm unsure why. The service is running as "Local System."
should i not be able to run both Windows event logging and File logging in the same yaml file?
- %windir%\System32\DHCP\DhcpSrvLog-*.log