Hello,
I would like to setup the dashboard of Winlogbeat in Kibana, but when I start Winlogbeat I have an error.
I have done a curl, and saw that I got the error 401 as response.
My architecture is : Winlogbeat → Kafka → Logstash → Elastic
Here is winlogbeat.yml
# ======= Winlogbeat specific options ========
winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: System
- name: Security
- name: Microsoft-Windows-Sysmon/Operational
- name: Windows PowerShell
event_id: 400, 403, 600, 800
- name: Microsoft-Windows-PowerShell/Operational
event_id: 4103, 4104, 4105, 4106
- name: ForwardedEvents
tags: [forwarded]
setup.dashboards.enabled: true
setup.dashboards.url: "http://10.60.101.10:5601/"
setup.kibana:
host: "http://10.60.101.10:5601"
username: "elastic"
password: "Yrl1d4Q_SQ3k3aX4EseO"
# ---------------------------- Kafka Output ----------------------------
output.kafka:
codec.format:
string: '%{[@timestamp]}%{[message]}'
hosts: ["10.60.101.11:9092"]
topic: 'windows'
partition.round_robin:
reachable_only: false
required_acks: 1
compression: gzip
max_message_bytes: 1000000
# =============== Processors ========
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
# ============ Winlogbeat Logs =============
logging.to_files: true
logging.files:
path: C:\Program Files\Winlogbeat\Logs
logging.level: info
If you need more information do not hesitate
Thank you