Read Last 3 moth Historic Log from Windows Events Log

rijinmp · October 8, 2021, 6:33am

I am planning to install winlog beat in one of my Windows host.
How can we read last 3 month historic logs( logs generated before the winlogbeat installation) from windows event log.

My requirement is to read the log from last 3 months.
For example If I am installing today , I would like to read log from July 8th.

Is this ok ?

winlogbeat.event_logs:
  - name: Application
    ignore_older: 3 months 
  - name: Security
  - name: System

Or once the fresh installation of winlogbeat , did this read all historic logs ?

mazoutte · October 8, 2021, 9:31am

Hello,

It really depends on the retention file of the desired events.
Winlogbeat will only read the eventlogs you have locally, so it depends of the entries present in your logfile (evtx if you want).
If your local evtx does not cover 3 months, then the answer is no.

system · November 5, 2021, 11:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.