Hello,
My question is simple but I can't really find a clear answer.
Is it possible to read a log files with Winlogbeat directly ? My company have some Windows Server with multiple services (AD, DNS, DHCP, ...) and we want to use Winlogbeat to retrieve Windows logs.
We also start to use the enrich processor and we want to retrieve DHCP logs to enrich known IPs with hostname and mac address. Unfortunately the DHCP logs concerning the DHCP lease, renewal, ... are not integrated to the Event Viewer but are only on .log files.
What I wanted to do is :
- Ingest the DHCP logs from the .log files and add a tag
- Create a if statement and forward DHCP logs to an ingest pipeline for processing
Apparently it's not possible to do that with Winlogbeat and it's not really convenient to deploy and manage two agents (Winlogbeat and Filebeat) on hundreds of servers.
Is there a way to use the EVTX archive feature in a hacky way to ingest .log files ?
Thanks,
Sébastien.