Winlogbeat not writing all events to Elasticsearch

mozam · August 3, 2020, 12:17pm

Hello,

I'm using the Elastic Stack version 7.8.0 ( Winlogbeat -> Elasticsearch pipeline) in Windows 10 Operating System .

Issue : Winlogbeat not capturing all the events generated in Windows Machine. For eg: (Audit trial logs cleared, Failed Login attempts etc. ) events are not getting indexed to Elasticsearch.

But I can see few other event data indexed to Elasticsearch.

Please help me, whether I'm missing any additional configuration required to capture those events.

Thanks in Advance.

fgjensen · August 3, 2020, 12:40pm

Hi @mozam Did you remember to deploy the Sysmon module, see Sysmon before starting Winlogbeat? If you compare to Auditbeat on Linux, Winlogbeat may not expose all required functionality yet, I belive.

mozam · August 3, 2020, 12:42pm

Hi @fgjensen Thanks for the quick reply.

No I haven't, let me check.

Topic		Replies	Views
Winlogbeat - not getting all the logs Beats winlogbeat	1	801	May 10, 2022
Winlogbeat not creating index in Elastic Search Beats winlogbeat	7	2536	June 22, 2017
Unable to see winlogbeat events Beats winlogbeat	8	1799	July 31, 2020
Winlogbeat data missing Beats winlogbeat	6	1079	August 18, 2022
Winlogbeat only last log shows in Kibana Beats winlogbeat	6	563	November 29, 2018

Winlogbeat not writing all events to Elasticsearch

Related topics