I am new to winlogbeat and just trying to get it rolled out across all of our windows servers.
I just pushed out Winlogbeat to our devtest environment. I had no issues with sandbox environment or any issues when test in my local environment.
Winlogbeat version - 7.9.0
====== Winlogbeat specific options =========
winlogbeat.registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
winlogbeat.shutdown_timeout: 60s
winlogbeat.event_logs:
-
name: Application
ignore_older: 30m -
name: System
ignore_older: 30m -
name: Security
ignore_older: 30m -
name: Microsoft-IIS-Logging/Logs
ignore_older: 30m
== Outputs ===
Registry File:
File Contents - problem server
update_time: 2020-09-04T14:51:42.2454804Z
event_logs:
File Contents - working server
update_time: 2020-09-04T15:18:37.2668994Z
event_logs:
- name: Application
record_number: 2317
timestamp: 2020-09-04T14:31:11.2885802Z
bookmark: "\r\n \r\n" - name: Security
record_number: 648070
timestamp: 2020-09-04T15:18:32.962626Z
bookmark: "\r\n \r\n" - name: System
record_number: 49856
timestamp: 2020-09-04T15:14:08.9264544Z
bookmark: "\r\n \r\n"
SaltState is managed in Gitlab. No changes were made to it between the time it was merged from Sandbox to DevTest.
I have compared the winlogbeat.yml file in C:\Program Files\Winlogbeat on both servers and they match.
Any thoughts on what might be causing my issue? I can provide additional info if helpful.