Hi,
Is there anyway we can use ForwardedEvents in logstash with eventlog input plugin?
Windows Os Event log are in encrypted format, because of which the file input is not working i believe, I tried something like below and I dont see logstash able to read anydata other than Application,System and Security.
input {
file {
type => "Win32-EventLog'"
path => ["C:\Windows\System32\winevt\Logs\ForwardedEvents.evtx"]
start_position => "beginning"
}
}
How can I add another file called Forwarded Events?
Thanks