Monitoring a Windows file Server user info

Hello ,

if i´m monitoring a Windows file Server, How can I log the user info?

Thank you in advance.

The file_integrity module can report changes to files/dirs but not who made the change. This is because the API use to watch for changes does not include the data.

Windows has a built-in audit capability that can that you can deploy that reports events to the Security event log. Those events can then be read by Winlogbeat and forwarded to Elasticsearch. See

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.