Hello,
I'm using the Elastic Stack version 7.8.0 ( Winlogbeat -> Elasticsearch pipeline) in Windows 10 Operating System .
Issue : Winlogbeat not capturing all the events generated in Windows Machine. For eg: (Audit trial logs cleared, Failed Login attempts etc. ) events are not getting indexed to Elasticsearch.
But I can see few other event data indexed to Elasticsearch.
Please help me, whether I'm missing any additional configuration required to capture those events.
Thanks in Advance.
Hi @mozam Did you remember to deploy the Sysmon module, see Sysmon before starting Winlogbeat? If you compare to Auditbeat on Linux, Winlogbeat may not expose all required functionality yet, I belive.
Hi @fgjensen Thanks for the quick reply.
No I haven't, let me check.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.