How or what is the best way to configure the Winlogbeat.yml file to send all Windows events? Thoughts?
You could generate a config with all the channels.
There is no support for wildcards today. It's not too hard to generate the configuration file if you are using some kind of CM tool (like Ansible) to manage the installation and config. You could generate a one-off config using the script below.
I agree the file does get big, but it's quite straightforward to manage. You know exactly what logs are going to be read.
If wildcard support was added, I would want it to periodically check for new event logs. This is the one thing that you won't ge…
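One way to generate such a config on a Windows host, as an added example that is not part of the original thread or the script the reply refers to. The output file name, the `$OutFile` parameter, and the choice to keep only enabled Administrative and Operational channels are assumptions made here.

```powershell
# Added example: build a winlogbeat.event_logs section listing every
# subscribable channel on this host. Not the script from the original reply.
param(
    # Hypothetical output path; merge the result into the real winlogbeat.yml.
    [string]$OutFile = (Join-Path $PWD.Path 'winlogbeat.event_logs.generated.yml')
)

# Enumerate all channels. Some raise access or provider errors when queried;
# those are skipped rather than aborting the run.
$channels = @(
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object {
            # Assumption: keep enabled channels of the two types that can be
            # subscribed to; Analytical and Debug channels are left out.
            $_.IsEnabled -and
            ($_.LogType.ToString() -in @('Administrative', 'Operational'))
        } |
        Sort-Object -Property LogName -Unique
)

if ($channels.Count -eq 0) {
    throw 'No event log channels were enumerated; run from an elevated session.'
}

# Emit one list entry per channel. Names are single-quoted for YAML, and any
# embedded single quote is doubled so the file stays parseable.
$lines = New-Object System.Collections.Generic.List[string]
$lines.Add('winlogbeat.event_logs:')
foreach ($channel in $channels) {
    $name = $channel.LogName -replace "'", "''"
    $lines.Add("  - name: '$name'")
}

# Write UTF-8 without a byte order mark so the first key is read cleanly.
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllLines($OutFile, $lines, $utf8NoBom)

# The channel list doubles as an inventory of what will be collected.
'{0} channels written to {1}' -f $channels.Count, $OutFile
```

Re-running this from the configuration management tool and diffing the output against the deployed file shows when a newly installed component has added a channel that is not yet being collected.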
April 5, 2019, 2:26pm
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.