How to add new file type called ForwardedEvents in logstash eventlog input plugin?

sam281 · September 29, 2017, 1:34pm

Hi,

Is there anyway we can use ForwardedEvents in logstash with eventlog input plugin?

Windows Os Event log are in encrypted format, because of which the file input is not working i believe, I tried something like below and I dont see logstash able to read anydata other than Application,System and Security.

input {
file {
type => "Win32-EventLog'"
path => ["C:\Windows\System32\winevt\Logs\ForwardedEvents.evtx"]
start_position => "beginning"
}
}

How can I add another file called Forwarded Events?

Thanks

system · October 27, 2017, 1:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Windows logstash input section for adding new input type Logstash	1	408	October 18, 2017
EventLog input/plugin only supports Application, System and Security.... why?!?!? Logstash	4	665	July 6, 2017
Windows event logs, NXLog, and Logstash - Oh My! Logstash	4	5573	July 6, 2017
Eventlog input ,errors out Logstash	5	459	May 10, 2017
Logstash eventlog Logstash	2	1194	July 6, 2017

How to add new file type called ForwardedEvents in logstash eventlog input plugin?

Related topics