Hi All,
I have installed Winlogbeat version 5.6.5 on a Windows Server 2012 machine, and to capture only specific event IDs from the machine, I have given the event IDs in the winlogbeat.yml file:
winlogbeat.event_logs:
  - name: Security
    event_id: 4612, 4625, 4648, 4672, 4673, 4719, 4720, 4723, 4738, 4740, 4742
But I am receiving other event IDs for the Security log name as well, and below is the list:
5156, 5145, 4658, 4661, 4634, 4624, 5158, etc.
I have read this documentation, and it mentions that this option is only available on systems supporting the Windows Event Log API.
Doesn't the Windows Server 2012 operating system support this feature?
Please let me know your thoughts; it would be very helpful.
Thanks,
Ganeshbabu R