###################### Winlogbeat Configuration Example ########################

1. ###################### Winlogbeat Configuration Example ##########################
2.  
3. # This file is an example configuration file highlighting only the most common
4. # options. The winlogbeat.full.yml file from the same directory contains all the
5. # supported options with more comments. You can use it as a reference.
6. #
7. # You can find the full configuration reference here:
8. # https://www.elastic.co/guide/en/beats/winlogbeat/index.html
9.  
10. #======================= Winlogbeat specific options ==========================
11.  
12. # event_logs specifies a list of event logs to monitor as well as any
13. # accompanying options. The YAML data type of event_logs is a list of
14. # dictionaries.
15. #
16. # The supported keys are name (required), tags, fields, fields_under_root,
17. # forwarded, ignore_older, level, event_id, provider, and include_xml. Please
18. # visit the documentation for the complete details of each option.
19. # https://go.es.io/WinlogbeatConfig
20. winlogbeat.event_logs:
21. - name: Application
22. ignore_older: 72h
23. - name: Security
24. - name: System
25.  
26. #================================ General =====================================
27.  
28. # The name of the shipper that publishes the network data. It can be used to group
29. # all the transactions sent by a single shipper in the web interface.
30. #name:
31.  
32. # The tags of the shipper are included in their own field with each
33. # transaction published.
34. #tags: ["service-X", "web-tier"]
35.  
36. # Optional fields that you can specify to add additional information to the
37. # output.
38. #fields:
39. # env: staging
40.  
41. #================================ Outputs =====================================
42.  
43. # Configure what outputs to use when sending the data collected by the beat.
44. # Multiple outputs may be used.
45.  
46. #-------------------------- Elasticsearch output ------------------------------
47. #output.elasticsearch:
48. # Array of hosts to connect to.
49. # hosts: ["192.168.70.109:9200"]
50. # template.name: "winlogbeat"
51. # template.path: "winlogbeat.template.json"
52. # template.overwrite: false
53. # Optional protocol and basic auth credentials.
54. #protocol: "https"
55. #username: "elastic"
56. #password: "changeme"
57.  
58. #----------------------------- Logstash output --------------------------------
59. output.logstash:
60. # The Logstash hosts
61. hosts: ["192.168.70.110:5044"]
62.  
63. # Optional SSL. By default is off.
64. # List of root certificates for HTTPS server verifications
65. #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
66.  
67. # Certificate for SSL client authentication
68. #ssl.certificate: "/etc/pki/client/cert.pem"
69.  
70. # Client Certificate Key
71. #ssl.key: "/etc/pki/client/cert.key"
72.  
73. #================================ Logging =====================================
74.  
75. # Sets log level. The default log level is info.
76. # Available log levels are: critical, error, warning, info, debug
77. #logging.level: debug
78.  
79. # At debug level, you can selectively enable logging only for some components.
80. # To enable all selectors use ["*"]. Examples of other selectors are "beat",
81. # "publish", "service".
82. #logging.selectors: ["*"]