Dear All,
I have 3 Active Directory machines with winlogbeat installed. I have found some issues with collecting the security event log.
The chart below shows the security events received from the 3 machines.
- In the chart, we can see that the security event logs of two of the machines were being received but then suddenly stopped, while application and system events can still be received.
- The other machine's security event log can be received, but it is slow: when I tried to search for 13:00 events, it was still receiving 11:00 security events.
- May I know if there is any limitation on winlogbeat?
- Does it need to wait for one machine's events to finish being received before it starts receiving another machine's events?
- May I know why the logs are delayed?
Thanks