[Winlogbeat] Add setting to load event_logs configuration from files #8281
Comments
+1 |
One thing that I would add is that there needs to be a change to allow Winlogbeat to map each event_log reader to a registry entry. Currently there is an implied limitation that each event log reader This limitation means that you could not have granular configs like one reader that handles logon events from Security and one that handles group membership changes from Security. By requiring (or assigning) each event_log reader to have a unique ID in the config this will allow for more granular and more powerful configs (like an event_log reader that reads from multiple event logs or allows for an XML query). |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue doesn't have a |
This will be superseded by #15324, winlogbeat will be an input in filebeat. |
Add setting to load winlogbeat event_logs configuration from files, in a similar fashion to `filebeat.config.modules.path` or `metricbeat.config.modules.path`. So when using configuration management tools, specific event logs configuration can be deployed to specific servers while sharing the same general settings. The configuration could then be something like this: