29 lines
1.2 KiB
YAML
########################## Winlogbeat Configuration ###########################

# This file is a full configuration example documenting all non-deprecated
# options in comments. For a shorter configuration example, that contains only
# the most common options, please see winlogbeat.yml in the same directory.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/winlogbeat/index.html

#======================= Winlogbeat specific options ==========================

# The registry file is where Winlogbeat persists its state so that the beat
# can resume after shutdown or an outage. The default is .winlogbeat.yml
# in the directory in which it was started.
#winlogbeat.registry_file: .winlogbeat.yml

# event_logs specifies a list of event logs to monitor as well as any
# accompanying options. The YAML data type of event_logs is a list of
# dictionaries.
#
# The supported keys are name (required), tags, fields, fields_under_root,
# forwarded, ignore_older, level, event_id, provider, and include_xml. Please
# visit the documentation for the complete details of each option.
# https://go.es.io/WinlogbeatConfig
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System