Step 2: Configuring Winlogbeat | Winlogbeat Reference [5.1]

» »

« Step 1: Installing Winlogbeat Step 3: Configuring Winlogbeat to Use Logstash »

Step 2: Configuring Winlogbeatedit

To configure Winlogbeat, you edit the winlogbeat.yml configuration file. Here is a sample of the winlogbeat.yml file:

winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System

output.elasticsearch:
  hosts:
    - localhost:9200

logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: info

To configure Winlogbeat:

In the event_logs section, specify the event logs that you want to monitor. By default, Winlogbeat is set to monitor application, security, and system logs:
```
winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System
```
To obtain a list of available event logs, run Get-EventLog * in PowerShell. For more information about this command, see the configuration details for event_logs.name.
If you are sending output to Elasticsearch, set the IP address and port where Winlogbeat can find the Elasticsearch installation:
```
output.elasticsearch:
  hosts:
    - localhost:9200
```
If you are sending output to Logstash, see Step 3: Configuring Winlogbeat to Use Logstash instead.

After you save your configuration file, test it with the following command.

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe -c .\winlogbeat.yml -configtest -e

« Step 1: Installing Winlogbeat Step 3: Configuring Winlogbeat to Use Logstash »

Step 2: Configuring Winlogbeatedit

Top Videos

Be in the know with the latest and greatest from Elastic.