WinlogBeat DNS analytical log capture


(Jeremy) #1

Hi all,

So the latest version of Winlogbeat now supports all Windows event logs. Currently I'm collecting (example below) across my company. I would also like to collect the DNS analytical log, however I'm not sure how to derive the name of this log. Could someone help me out?

Current config example:
  - name: Application
    ignore_older: 1h
  - name: Security
    ignore_older: 1h
  - name: System
    ignore_older: 1h
  - name: Setup
  - name: Microsoft-Windows-Windows-Firewall With Advanced Security/Firewall
  - name: Microsoft-Windows-Windows-Firewall With Advanced Security/FirewallVerbose
  - name: Microsoft-Windows-Windows-TaskScheduler/Operational
  - name: Microsoft-Windows-PowerShell/Operational

The only related topic I could find:

Statement from WLB - "any channel"
https://www.elastic.co/products/beats/winlogbeat


(Andrew Kroh) #2

Analytic and Trace logs require a different API than what Winlogbeat uses.
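
An added example, not part of the original posts and not Winlogbeat code: a check that reads channel metadata in the layout printed by `wevtutil gl <channel>` and flags configured channels whose type is Analytic or Debug, the kinds the reply above says need a different API. The sample text, the DNS Server channel name, and treating "Trace" as the Debug channel type are assumptions.

```python
import re

# Constructed sample, modelled on concatenated `wevtutil gl <channel>` output.
SAMPLE_WEVTUTIL_GL = """\
name: Microsoft-Windows-PowerShell/Operational
enabled: true
type: Operational
logging:
  retention: false

name: Microsoft-Windows-DNSServer/Analytical
enabled: false
type: Analytic
logging:
  retention: true
"""

# Constructed list of channel names as they would appear under `- name:`.
CONFIGURED = [
    "Security",
    "Microsoft-Windows-PowerShell/Operational",
    "Microsoft-Windows-DNSServer/Analytical",
]

# Assumption: "Trace" in the reply corresponds to the Debug channel type.
UNSUPPORTED_TYPES = {"analytic", "debug"}


def parse_channels(text):
    """Return {channel: {'enabled': ..., 'type': ...}} from wevtutil-style text."""
    channels, current = {}, None
    for line in text.splitlines():
        # Only top-level keys; indented (nested) settings are ignored.
        m = re.match(r"^(name|enabled|type):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "name":
            current = channels.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return channels


def check_config(configured, channels):
    """Label each configured channel as ok, unsupported, or unknown."""
    lookup = {name.lower(): info for name, info in channels.items()}
    report = {}
    for name in configured:
        info = lookup.get(name.lower())  # channel names are case-insensitive
        if info is None:
            report[name] = "unknown channel"
        elif info.get("type", "").lower() in UNSUPPORTED_TYPES:
            report[name] = "unsupported type: " + info["type"]
        else:
            report[name] = "ok"
    return report
```

"Security" is reported as unknown here only because the constructed sample contains metadata for two channels.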