I did some more tests with the central log collector's own Security channel and no events are missing. So the issue is on the Forwarded Events channel, but it is strange that only a few people have noticed this.
I also compared with NXLog, and with this tool no events are missing from the Forwarded Events channel, but I would like to use Winlogbeat because I can have fields in ECS format and so use Elastic SIEM.
OK. Solved. In my setup, Winlogbeat sends logs to Kafka, then to Logstash. After more analysis, the issue was between Kafka and Logstash. For an unknown reason, some events were not consumed by the Logstash Kafka input. I created a new topic and there is no more issue.