Combining Processor functions for Winlogbeat

mdobson90 · July 29, 2019, 11:36am

Hi all,

Total noob here with Elastic, so hopefully you can help.
I’m running a Graylog server which uses elastic backend, and have winlogbeat installed on all PCs via the Graylog Collector Sidecar.

My current config is:

winlogbeat.event_logs:
  - name: Security
    level: critical, error, warning

This works fine.

I’m looking to be able to also capture SOME informational event IDs, such as account logons/logoffs.
In order to do this, I want to effectively say:

winlogbeat.event_logs:
  - name: Security
    level: critical, error, warning

AND Event ID’s 4264, 4634 etc etc etc

Is this possible?

Thanks,

Matt Dobson

system · August 12, 2019, 11:36am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat configuration - need help Graylog Central (peer support) sidecar , winlogbeat	1	384	June 19, 2020
Winlogbeat configuration - snippets Graylog Central (peer support) sidecar , winlogbeat	2	4143	July 16, 2018
More Windows Event logs than what I need Graylog Central (peer support) sidecar , winlogbeat	4	3082	August 15, 2017
Winlogbeats, filtering event ids to send to graylog server Graylog Central (peer support)	4	876	February 22, 2023
Sidecar + WinLogBeat: Problem with JSON? Graylog Central (peer support) sidecar , winlogbeat	1	874	August 3, 2017

Combining Processor functions for Winlogbeat

Related topics