Winlogbeat registry file issues

jlwingo · September 4, 2020, 3:22pm

I am new to winlogbeat and just trying to get it rolled out across all of our windows servers.

I just pushed out Winlogbeat to our devtest environment. I had no issues with sandbox environment or any issues when test in my local environment.

Winlogbeat version - 7.9.0

====== Winlogbeat specific options =========

winlogbeat.registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
winlogbeat.shutdown_timeout: 60s

winlogbeat.event_logs:

Registry File:
File Contents - problem server
update_time: 2020-09-04T14:51:42.2454804Z
event_logs:

File Contents - working server
update_time: 2020-09-04T15:18:37.2668994Z
event_logs:

name: Application
record_number: 2317
timestamp: 2020-09-04T14:31:11.2885802Z
bookmark: "\r\n \r\n"
name: Security
record_number: 648070
timestamp: 2020-09-04T15:18:32.962626Z
bookmark: "\r\n \r\n"
name: System
record_number: 49856
timestamp: 2020-09-04T15:14:08.9264544Z
bookmark: "\r\n \r\n"

SaltState is managed in Gitlab. No changes were made to it between the time it was merged from Sandbox to DevTest.

I have compared the winlogbeat.yml file in C:\Program Files\Winlogbeat on both servers and they match.

Any thoughts on what might be causing my issue? I can provide additional info if helpful.

system · October 2, 2020, 5:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat 6.0.0 Registry File Beats winlogbeat	5	1183	December 26, 2017
Winlogbeat ignores registry file with forwarded events Beats winlogbeat	7	1680	April 4, 2017
Winlogbeat does not write specific eventlog status in registry file Beats winlogbeat	8	938	July 16, 2018
Registry file entry is empty Beats filebeat	3	2038	August 1, 2017
Filebeat on Windows seem to not use the registry file Beats filebeat	13	3982	April 17, 2017