Winlogbeat and Scheduled Task Logs (or others)

wyliebsd · June 19, 2018, 2:58pm

Could someone possibly assist me in capturing Schedule Task logs with Winlogbeat?

Right now my config is like this:

winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: Security
- name: System
- name: "Windows Powershell"
- name: Microsoft/Windows/TaskScheduler/Operational

I have tried wrapping in quotes like i did with with the Powershell log but it doesn't seem to make a difference... If someone could help me with the proper syntax for how to do this I would be very greatful.

Thanks in advance!

-Wylie

wyliebsd · June 19, 2018, 3:30pm

I also tried: Microsoft-Windows-TaskScheduler/Operational - can't see any logs tho.

wyliebsd · June 19, 2018, 4:24pm

Got it to work with: - name: "Mirosoft-Windows-TaskScheduler/Operational"

Please close this thread!

andrewkroh · June 19, 2018, 4:25pm

I was going to have you run

PS C:\> Get-WinEvent -ListLog * | Format-List -Property LogName

to check the name.

Glad you fixed it.

Reference: https://www.elastic.co/guide/en/beats/winlogbeat/current/configuration-winlogbeat-options.html#configuration-winlogbeat-options-event_logs-name

wyliebsd · June 19, 2018, 4:25pm

Will note that for later cases! Thanks a bunch Andrew!!

system · July 17, 2018, 4:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Collecting powershell logs with the old beat version Beats winlogbeat	2	275	April 27, 2021
WinlogBeat DNS analytical log capture Beats winlogbeat	2	3897	March 9, 2019
Using Channel Names in Winlogbeat Config Beats winlogbeat	5	2049	April 12, 2016
Customization winlogbeat 7.16.2 on windows server Beats windows	1	324	February 9, 2022
No logs being sent by Winlogbeat Beats winlogbeat	0	150	April 22, 2024

Winlogbeat and Scheduled Task Logs (or others)

Related Topics