Hi,
How does the LogStash collect Windows Event Logs? is it directly reading the .evtx files using WMI or does it depend on any events to receive the windows event logs?
logstash.conf
input {
eventlog {
type => "eventlog"
}
}
I have gone through the link https://github.com/elastic/logstash/blob/v1.1.1/lib/logstash/inputs/eventlog.rb, it looks like the log files are read directly.
Please confirm if my understanding is correct, this is just for my reference.
Thanks & Regards,
Mohan G