Winlogbeat Missing Security Events after logfile rotation

Ed_28 · May 5, 2021, 11:50am

Version: 7.12.0
OS: Windows Server 2016

10 second time frame:

3221 reported

3282 Security event log

During that timeframe the security log reaches Max log size and new logfile is created.
Event log automatic backup
Log: Security

jamesspi · May 28, 2021, 11:28am

Hi @Ed_28 ,

Could you provide more details please? I'm not entirely sure what you're asking.

Thanks!

Ed_28 · May 28, 2021, 12:24pm

Hi,

The Security event log size has been set to 200MB. When the size is reached the log file is archived and a new log file is created.
During that time frame the logs that land in the Security Event log are not transferred by the winlogbeat service.
3221 log entries are that are sent by the winlogbeat
3282 events are that are inside the 2 logfiles
in a 10 second timeframe.

jamesspi · June 21, 2021, 7:03am

Hey @Ed_28 sorry for not getting back to you sooner.

Is this happening just for the security event logs, or any other windows events? Just want to check if it's specific to one topic vs all windows event logs.

Thanks,
James

Ed_28 · June 21, 2021, 8:06am

The security logs are the fastest to generate so cannot be sure. Other logs do not rotate that often.

system · July 19, 2021, 10:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.