32 lines
1.2 KiB
YAML
32 lines
1.2 KiB
YAML
|
###################### Winlogbeat Configuration Example ##########################
|
||
|
|
|
||
|
|
# This file is an example configuration file highlighting only the most common
|
||
|
|
# options. The winlogbeat.reference.yml file from the same directory contains all the
|
||
|
|
# supported options with more comments. You can use it as a reference.
|
||
|
|
#
|
||
|
|
# You can find the full configuration reference here:
|
||
|
|
# https://www.elastic.co/guide/en/beats/winlogbeat/index.html
|
||
|
|
|
||
|
|
#======================= Winlogbeat specific options ==========================
|
||
|
|
|
||
|
|
# event_logs specifies a list of event logs to monitor as well as any
|
||
|
|
# accompanying options. The YAML data type of event_logs is a list of
|
||
|
|
# dictionaries.
|
||
|
|
#
|
||
|
|
# The supported keys are name (required), tags, fields, fields_under_root,
|
||
|
|
# forwarded, ignore_older, level, event_id, provider, and include_xml. Please
|
||
|
|
# visit the documentation for the complete details of each option.
|
||
|
|
# https://go.es.io/WinlogbeatConfig
|
||
|
|
winlogbeat.event_logs:
|
||
|
|
- name: Application
|
||
|
|
ignore_older: 72h
|
||
|
|
- name: Security
|
||
|
|
- name: System
|
||
|
|
|
||
|
|
#==================== Elasticsearch template setting ==========================
|
||
|
|
|
||
|
|
setup.template.settings:
|
||
|
|
index.number_of_shards: 3
|
||
|
|
#index.codec: best_compression
|
||
|
|
#_source.enabled: false
|