Winlogbeat Not Logging All Event ID

Hi all,

I installed the ELK stack to try it out, all services on the same Windows server. I was able to get the winlogbeat on a couple of domain controllers and shipping logs. I enabled advanced logging to get group membership management, as well as directory changes sent to ELK. The issue is that in the dashboard I can see the security logs for events such as user logon/logoff, but it appears all of the logs are not being pulled into the dashboard and I'm not sure why. The winlogbeat.yaml is default except for the host settings for elastic/kibana. I also had to uncomment some log settings to get the 'winlogbeat.exe setup -e' Does this stand out to anybody?
