Winlogbeat Missing Security Events after logfile rotation

Ed_28 · May 5, 2021, 11:50am

Version: 7.12.0
OS: Windows Server 2016

10 second time frame:

3221 reported

3282 Security event log

During that timeframe the security log reaches Max log size and new logfile is created.
Event log automatic backup
Log: Security

jamesspi · May 28, 2021, 11:28am

Hi @Ed_28 ,

Could you provide more details please? I'm not entirely sure what you're asking.

Thanks!

Ed_28 · May 28, 2021, 12:24pm

Hi,

The Security event log size has been set to 200MB. When the size is reached the log file is archived and a new log file is created.
During that time frame the logs that land in the Security Event log are not transferred by the winlogbeat service.
3221 log entries are that are sent by the winlogbeat
3282 events are that are inside the 2 logfiles
in a 10 second timeframe.

jamesspi · June 21, 2021, 7:03am

Hey @Ed_28 sorry for not getting back to you sooner.

Is this happening just for the security event logs, or any other windows events? Just want to check if it's specific to one topic vs all windows event logs.

Thanks,
James

Ed_28 · June 21, 2021, 8:06am

The security logs are the fastest to generate so cannot be sure. Other logs do not rotate that often.

system · July 19, 2021, 10:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat and huge Windows Security Log Beats winlogbeat	3	3629	November 28, 2016
Winlogbeat collect Active Directory Security event log slowly Beats winlogbeat	3	814	November 29, 2018
Winlogbeat unable to keep up with AD security logs Beats winlogbeat	1	387	January 21, 2021
Windows Security Logs Winlogbeat Beats winlogbeat	3	541	March 24, 2022
Windows server is almost not generating logs after winlogbeat installation Beats winlogbeat	7	1549	July 14, 2016

Winlogbeat Missing Security Events after logfile rotation

3221 reported

3282 Security event log

Related Topics