How to ignore the bookmark (.winlogbeat.yml) when starting Winlogbeat?

Quick question.

How can I play one event log on repeat or in a loop?
How do I ignore the bookmark when starting Winlogbeat?
And can I auto-restart Winlogbeat when winlogbeat.yml is changed?


I think you would want to script the process. Like delete the registry file (.winlogbeat.yml), run Winlogbeat until it reads the whole event log (use no_more_events: stop, similar to how it's mentioned in reading .evtx files). Then repeat that in a loop.

It will always try to use the bookmarks if they exist. You could change the registry_path for each new run or just delete the file between runs.

Winlogbeat doesn't have a config reloading feature that monitors the file for changes.
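One way to script the loop described in the answer above, as an added example (not part of the original posts and not Elastic's own code). The install directory, scratch data directory and run count are assumptions; winlogbeat.yml is assumed to set `no_more_events: stop` on the event log and to leave the registry file at its default location under the data path.

```powershell
# Added example: replay one event log N times by discarding Winlogbeat's
# bookmarks between runs. All paths below are assumptions; adjust them.
param(
    [string]$WinlogbeatDir = 'C:\Program Files\Winlogbeat',      # assumed install dir
    [string]$DataDir       = 'C:\ProgramData\winlogbeat-replay', # assumed scratch data path
    [int]$Runs             = 5
)

$ErrorActionPreference = 'Stop'
$exe    = Join-Path $WinlogbeatDir 'winlogbeat.exe'
$config = Join-Path $WinlogbeatDir 'winlogbeat.yml'

for ($i = 1; $i -le $Runs; $i++) {
    # Wipe the dedicated data path so no bookmark file (.winlogbeat.yml)
    # survives from the previous run. Using a scratch path keeps the
    # production service's own bookmarks untouched.
    if (Test-Path -LiteralPath $DataDir) {
        Remove-Item -LiteralPath $DataDir -Recurse -Force
    }
    New-Item -ItemType Directory -Path $DataDir | Out-Null

    # Each run is a fresh process, so edits to winlogbeat.yml are picked up
    # here. Validate first so a broken edit fails loudly instead of looping.
    & $exe test config -c $config --path.data $DataDir
    if ($LASTEXITCODE -ne 0) {
        throw "winlogbeat.yml failed validation on run $i"
    }

    # Foreground run with logging to stderr (-e). With `no_more_events: stop`
    # in the event_logs entry, the process exits once the log has been read
    # to the end; without it this call never returns.
    Write-Host "Run $i of ${Runs}: reading event log from the beginning"
    & $exe -e -c $config --path.data $DataDir
    if ($LASTEXITCODE -ne 0) {
        throw "winlogbeat exited with code $LASTEXITCODE on run $i"
    }
}
```

Every pass re-ships the same records, so point the output at a test index or pipeline rather than one that feeds production detections.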

I appreciate your help. Have a good day. 🙂
