
Winlogbeat

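  ###############################################################################
############################# Winlogbeat ######################################
winlogbeat:
  # The registry file is where Winlogbeat persists its state so that the beat
  # can resume after shutdown or an outage. The default is .winlogbeat.yaml
  # in the directory in which it was started.
  registry_file: 'C:/ProgramData/winlogbeat/.winlogbeat.yaml'

  # List of event logs to monitor.
  #
  # Optionally, ignore_older may be specified to filter events that are older
  # than the specified amount of time. If omitted then no filtering will
  # occur. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  #
  # Only Application sets ignore_older here; Security and System have no
  # cutoff, so on first start the whole retained history of those logs is
  # shipped.
  event_logs:
    - name: Application
      ignore_older: 72h
    - name: Security
    - name: System

  # Diagnostic metrics that can be retrieved through a web interface if a
  # bindaddress value (host:port) is specified. The web address will be
  # http://<bindaddress>/debug/vars
  #metrics:
  #  bindaddress: 'localhost:8123'

###############################################################################
############################# Libbeat Config ##################################
# Base config file used by all other beats for using libbeat features

############################# Output ##########################################

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output:

  ### Elasticsearch as output
  #elasticsearch:
    # Array of hosts to connect to.
    # Scheme and port can be left out and will be set to the default (http and 9200)
    # In case you specify an additional path, the scheme is required: http://localhost:9200/path
    # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
    #hosts: ["localhost:9200"]

    # Optional protocol and basic auth credentials. The values below are
    # placeholders; keep real credentials out of a shared or committed file.
    #protocol: "https"
    #username: "admin"
    #password: "s3cr3t"

    # Number of workers per Elasticsearch host.
    #worker: 1

    # Optional index name. The default is "winlogbeat" and generates
    # [winlogbeat-]YYYY.MM.DD keys.
    #index: "winlogbeat"

    # Optional HTTP Path
    #path: "/elasticsearch"

    # Proxy server url
    #proxy_url: http://proxy:3128

    # The number of times a particular Elasticsearch index operation is attempted. If
    # the indexing operation doesn't succeed after this many retries, the events are
    # dropped. The default is 3.
    #max_retries: 3

    # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
    # The default is 50.
    #bulk_max_size: 50

    # Configure http request timeout before failing a request to Elasticsearch.
    #timeout: 90

    # The number of seconds to wait for new events between two bulk API index requests.
    # If `bulk_max_size` is reached before this interval expires, additional bulk index
    # requests are made.
    #flush_interval: 1

    # Boolean that sets if the topology is kept in Elasticsearch. The default is
    # false. This option makes sense only for Packetbeat.
    #save_topology: false

    # The time to live in seconds for the topology information that is stored in
    # Elasticsearch. The default is 15 seconds.
    #topology_expire: 15

    # tls configuration. By default is off.
    #tls:
      # List of root certificates for HTTPS server verifications
      #certificate_authorities: ["/etc/pki/root/ca.pem"]

      # Certificate for TLS client authentication
      #certificate: "/etc/pki/client/cert.pem"

      # Client Certificate Key
      #certificate_key: "/etc/pki/client/cert.key"

      # Controls whether the client verifies server certificates and host name.
      # If insecure is set to true, all server host names and certificates will be
      # accepted. In this mode TLS based connections are susceptible to
      # man-in-the-middle attacks. Use only for testing.
      #insecure: true

      # Configure cipher suites to be used for TLS connections
      #cipher_suites: []

      # Configure curve types for ECDHE based cipher suites
      #curve_types: []

      # Configure minimum TLS version allowed for connection to Elasticsearch
      #min_version: 1.0

      # Configure maximum TLS version allowed for connection to Elasticsearch
      #max_version: 1.2


  ### Logstash as output
  logstash:
    # The Logstash hosts
    hosts: ["10.1.11.178:5044", "10.1.11.179:5044"]

    # Number of workers per Logstash host.
    worker: 6

    # Optional load balance the events between the Logstash hosts
    loadbalance: true

    # Optional index name. The default index name depends on each beat.
    # For Packetbeat, the default is set to packetbeat, for Topbeat
    # to topbeat and for Filebeat to filebeat.
    # Note: replace the system name with the name of your own system;
    # for example, for Lync it would be "wb-lync".
    index: wb-mail

    # Optional TLS. By default is off.
    #
    # While this block stays commented out, every event -- including the
    # Security log configured above -- is sent to the hosts listed above in
    # cleartext, and the Logstash endpoints are not authenticated. Enable tls
    # with certificate_authorities (plus a client certificate if Logstash
    # requires one) before relying on this feed for security monitoring.
    #tls:
      # List of root certificates for HTTPS server verifications
      #certificate_authorities: ["/etc/pki/root/ca.pem"]

      # Certificate for TLS client authentication
      #certificate: "/etc/pki/client/cert.pem"

      # Client Certificate Key
      #certificate_key: "/etc/pki/client/cert.key"

      # Controls whether the client verifies server certificates and host name.
      # If insecure is set to true, all server host names and certificates will be
      # accepted. In this mode TLS based connections are susceptible to
      # man-in-the-middle attacks. Use only for testing.
      #insecure: true

      # Configure cipher suites to be used for TLS connections
      #cipher_suites: []

      # Configure curve types for ECDHE based cipher suites
      #curve_types: []


  ### File as output
  #file:
    # Path to the directory where to save the generated files. The option is mandatory.
    #path: "/tmp/winlogbeat"

    # Name of the generated files. The default is `winlogbeat` and it generates files: `winlogbeat`, `winlogbeat.1`, `winlogbeat.2`, etc.
    #filename: winlogbeat

    # Maximum size in kilobytes of each file. When this size is reached, the files are
    # rotated. The default value is 10 MB.
    #rotate_every_kb: 10000

    # Maximum number of files under path. When this number of files is reached, the
    # oldest file is deleted and the rest are shifted from last to first. The default
    # is 7 files.
    #number_of_files: 7


  ### Console output
  # console:
    # Pretty print json event
    #pretty: false


############################# Shipper #########################################

shipper:
  # The name of the shipper that publishes the network data. It can be used to group
  # all the transactions sent by a single shipper in the web interface.
  # If this option is not defined, the hostname is used.
  #name:

  # The tags of the shipper are included in their own field with each
  # transaction published. Tags make it easy to group servers by different
  # logical properties.
  #tags: ["service-X", "web-tier"]

  # Uncomment the following if you want to ignore transactions created
  # by the server on which the shipper is installed. This option is useful
  # to remove duplicates if shippers are installed on multiple servers.
  #ignore_outgoing: true

  # How often (in seconds) shippers are publishing their IPs to the topology map.
  # The default is 10 seconds.
  #refresh_topology_freq: 10

  # Expiration time (in seconds) of the IPs published by a shipper to the topology map.
  # All the IPs will be deleted afterwards. Note, that the value must be higher than
  # refresh_topology_freq. The default is 15 seconds.
  #topology_expire: 15

  # Configure local GeoIP database support.
  # If no paths are configured geoip is disabled.
  #geoip:
    #paths:
    #  - "/usr/share/GeoIP/GeoLiteCity.dat"
    #  - "/usr/local/var/GeoIP/GeoLiteCity.dat"


############################# Logging #########################################

# There are three options for the log output: syslog, file, stderr.
# Under Windows systems, the log files are per default sent to the file output,
# under all other systems per default to syslog.
logging:

  # Send all logging output to syslog. On Windows default is false, otherwise
  # default is true.
  #to_syslog: true

  # Write all logging output to files. Beats automatically rotate files if rotateeverybytes
  # limit is reached.
  to_files: true

  # To enable logging to files, to_files option has to be set to true
  files:
    # The directory where the log files will be written to.
    path: 'C:/ProgramData/winlogbeat/Logs'

    # The name of the files where the logs are written to.
    #name: mybeat

    # Configure log file size limit. If limit is reached, log file will be
    # automatically rotated
    rotateeverybytes: 10485760  # = 10MB

    # Number of rotated log files to keep. Oldest files will be deleted first.
    #keepfiles: 7

  # Enable debug output for selected components. To enable all selectors use ["*"]
  # Other available selectors are beat, publish, service
  # Multiple selectors can be chained.
  #selectors: [ ]

  # Sets log level. The default log level is error.
  # Available log levels are: critical, error, warning, info, debug
  level: info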