I installed Winlogbeat on Windows 10. Until now I have received all logs, including Security, Application ..., except the "Security Group Management" log.
Are you saying that it was working on Windows 10 then it stopped?
What specific event IDs are not being collected? Are they available in the Event Viewer? What version of Winlogbeat? What's your config? Are there any errors in the log file?
Winlogbeat is already working on Windows 10. I receive all logs in the database except 4728, 4732, 4735. These logs are available in the Event Viewer.
That's my config:
```yaml
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: System
  - name: Security
    processors:
      - script:
          lang: javascript
          id: security
          file: ${path.home}/module/security/config/winlogbeat-security.js
      # - script:   (empty entry in the config as posted)
  - name: Microsoft-Windows-Sysmon/Operational
    processors:
      - script:
          lang: javascript
          id: sysmon
          file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js
      # - script:   (empty entry in the config as posted)

setup.template.settings:
  index.number_of_shards: 1
```
I received some logs like event.code: 4722 OR 4724, but I don't receive logs like 4728 OR 4732.