Winlogbeat Missing Security Events after logfile rotation

Version: 7.12.0
OS: Windows Server 2016

10 second time frame:

3221 reported

3282 Security event log

During that timeframe the security log reaches Max log size and new logfile is created.
Event log automatic backup
Log: Security

Hi @Ed_28 ,

Could you provide more details please? I'm not entirely sure what you're asking.

Thanks!

Hi,

The Security event log size has been set to 200MB. When the size is reached the log file is archived and a new log file is created.
During that time frame the logs that land in the Security Event log are not transferred by the winlogbeat service.
3221 log entries are that are sent by the winlogbeat
3282 events are that are inside the 2 logfiles
in a 10 second timeframe.

Hey @Ed_28 sorry for not getting back to you sooner.

Is this happening just for the security event logs, or any other windows events? Just want to check if it's specific to one topic vs all windows event logs.

Thanks,
James

The security logs are the fastest to generate so cannot be sure. Other logs do not rotate that often.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.