Winlogbeat and Scheduled Task Logs (or others)

wyliebsd · June 19, 2018, 2:58pm

Could someone possibly assist me in capturing Schedule Task logs with Winlogbeat?

Right now my config is like this:

winlogbeat.event_logs:
- name: Application
ignore_older: 72h
- name: Security
- name: System
- name: "Windows Powershell"
- name: Microsoft/Windows/TaskScheduler/Operational

I have tried wrapping in quotes like i did with with the Powershell log but it doesn't seem to make a difference... If someone could help me with the proper syntax for how to do this I would be very greatful.

Thanks in advance!

-Wylie

wyliebsd · June 19, 2018, 3:30pm

I also tried: Microsoft-Windows-TaskScheduler/Operational - can't see any logs tho.

wyliebsd · June 19, 2018, 4:24pm

Got it to work with: - name: "Mirosoft-Windows-TaskScheduler/Operational"

Please close this thread!

andrewkroh · June 19, 2018, 4:25pm

I was going to have you run

PS C:\> Get-WinEvent -ListLog * | Format-List -Property LogName

to check the name.

Glad you fixed it.

Reference: https://www.elastic.co/guide/en/beats/winlogbeat/current/configuration-winlogbeat-options.html#configuration-winlogbeat-options-event_logs-name

wyliebsd · June 19, 2018, 4:25pm

Will note that for later cases! Thanks a bunch Andrew!!

Topic		Replies	Views
Collecting powershell logs with the old beat version Beats winlogbeat	2	304	April 27, 2021
Can I ingest specific log files using winlogbeat? Beats winlogbeat	5	817	May 24, 2022
No logs being sent by Winlogbeat Beats winlogbeat	0	237	April 22, 2024
Monitoring Specials Event Logs Beats winlogbeat	3	666	October 8, 2018
Winlogbeat - not getting all the logs Beats winlogbeat	1	805	May 10, 2022

Winlogbeat and Scheduled Task Logs (or others)

Related topics