Hi
i hope this is the correct place to post this.
we have a Windows Event forward infrastructure in place (WEF) sending the logs to a central server.
does anyone have a config for this, my plan is that i will only need to install a shipper (winlogbeat/logstash) on the collection server it self and not on all the endpoints individually.
is this type of deployment possible?