Winlogbeat and Scheduled Task Logs (or others)

wyliebsd · June 19, 2018, 2:58pm

Could someone possibly assist me in capturing Schedule Task logs with Winlogbeat?

Right now my config is like this:

winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: Security
- name: System
- name: "Windows Powershell"
- name: Microsoft/Windows/TaskScheduler/Operational

I have tried wrapping in quotes like i did with with the Powershell log but it doesn't seem to make a difference... If someone could help me with the proper syntax for how to do this I would be very greatful.

Thanks in advance!

-Wylie

wyliebsd · June 19, 2018, 3:30pm

I also tried: Microsoft-Windows-TaskScheduler/Operational - can't see any logs tho.

wyliebsd · June 19, 2018, 4:24pm

Got it to work with: - name: "Mirosoft-Windows-TaskScheduler/Operational"

Please close this thread!

andrewkroh · June 19, 2018, 4:25pm

I was going to have you run

PS C:\> Get-WinEvent -ListLog * | Format-List -Property LogName

to check the name.

Glad you fixed it.

Reference: https://www.elastic.co/guide/en/beats/winlogbeat/current/configuration-winlogbeat-options.html#configuration-winlogbeat-options-event_logs-name

wyliebsd · June 19, 2018, 4:25pm

Will note that for later cases! Thanks a bunch Andrew!!

system · July 17, 2018, 4:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Collecting powershell logs with the old beat version Beats winlogbeat	2	275	April 27, 2021
Cant filter out events? Beats winlogbeat	15	875	November 24, 2020
Using Channel Names in Winlogbeat Config Beats winlogbeat	5	2049	April 12, 2016
Anyone worked with logbeat in the users' workstations? Beats winlogbeat	2	489	August 10, 2018
Winlogbeat service stopped automaticly Beats windows , winlogbeat	3	1083	November 1, 2020

Winlogbeat and Scheduled Task Logs (or others)

Related topics