Winlogbeat collect Active Directory Security event log slowly

peterch · October 29, 2018, 6:11am

Dear All,

I have 3 Active Directory machines which installed winlogbeat. I find there are some issues on collecting security event log.

According to the below chart, it show the received security event from 3 machine

In the chart, we can see two of the machine's security event log can be received but cannot receive suddenly but application and system event still can be received.
The other machine security event log can be received but it is slow, when I tried to search 13:00 event, it still receiving 11:00 security event

log%20chart

May I know is there any limitation on winlogbeat?
is it need to wait one machine event complete receiving to start receive other machine event.
May I know why the log has delay?

Thanks

peterch · October 31, 2018, 8:24am

Anyone can answer?

Andrew_Cholakian1 · November 1, 2018, 5:32pm

Have you looked at the winlogbeat logs? Do you see any errors there?

system · November 29, 2018, 5:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat unable to keep up with AD security logs Beats winlogbeat	1	387	January 21, 2021
Logs WinlogBeat Beats winlogbeat	4	604	March 14, 2018
Winlogbeat Missing Security Events after logfile rotation Beats winlogbeat	5	549	July 19, 2021
Winlogbeat too slow? Beats winlogbeat	1	571	February 6, 2019
Event log rate and indicators Beats winlogbeat	3	806	May 5, 2017