Hi,
After two days of attempting to change the code of Winlogbeat to access the logs of a remote SAN integrating the Windows Event Log API, I realized that the SAN was using the old "eventlogging" API.
While trying to integrate the old "eventlogging" API, I found out that in the "winlogbeat/eventlog/factory.go" file, there are keys to specify which API you want to use: "eventlog" and "eventlogging", which are the old API and the "new" API.
After adding that in "winlogbeat.yml", I succeeded in receiving the logs:
winlogbeat.event_logs:
  - name: Security
    api: eventlogging
However, I had to change the code in "eventlogging.go" to add the option to use "OpenEventLog" for remote logs. I will create another topic about that.
O.