Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###############################################################################
- ############################# Winlogbeat ######################################
- winlogbeat:
- # The registry file is where Winlogbeat persists its state so that the beat
- # can resume after shutdown or an outage. The default is .winlogbeat.yml
- # in the directory in which it was started.
- registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml
- # List of event logs to monitor.
- #
- # Optionally, ignore_older may be specified to filter events that are older
- # then the specified amount of time. If omitted then no filtering will
- # occur. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
- event_logs:
- - name: Application
- ignore_older: 72h
- - name: Security
- - name: System
- # Diagnostic metrics that can retrieved through a web interface if a
- # bindaddress value (host:port) is specified. The web address will be
- # http://<bindaddress>/debug/vars
- #metrics:
- # bindaddress: 'localhost:8123'
- ###############################################################################
- ############################# Libbeat Config ##################################
- # Base config file used by all other beats for using libbeat features
- ############################# Output ##########################################
- # Configure what outputs to use when sending the data collected by the beat.
- # Multiple outputs may be used.
- output:
- ### Elasticsearch as output
- elasticsearch:
- # Array of hosts to connect to.
- # Scheme and port can be left out and will be set to the default (http and 9200)
- # In case you specify and additional path, the scheme is required: http://localhost:9200/path
- # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
- hosts: ["localhost:9200"]
- # Optional protocol and basic auth credentials.
- #protocol: "https"
- #username: "admin"
- #password: "s3cr3t"
- # Number of workers per Elasticsearch host.
- #worker: 1
- # Optional index name. The default is "winlogbeat" and generates
- # [winlogbeat-]YYYY.MM.DD keys.
- #index: "winlogbeat"
- # A template is used to set the mapping in Elasticsearch
- # By default template loading is disabled and no template is loaded.
- # These settings can be adjusted to load your own template or overwrite existing ones
- #template:
- # Template name. By default the template name is winlogbeat.
- #name: "winlogbeat"
- # Path to template file
- #path: "winlogbeat.template.json"
- # Overwrite existing template
- #overwrite: false
- # Optional HTTP Path
- #path: "/elasticsearch"
- # Proxy server url
- #proxy_url: http://proxy:3128
- # The number of times a particular Elasticsearch index operation is attempted. If
- # the indexing operation doesn't succeed after this many retries, the events are
- # dropped. The default is 3.
- #max_retries: 3
- # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
- # The default is 50.
- #bulk_max_size: 50
- # Configure http request timeout before failing an request to Elasticsearch.
- #timeout: 90
- # The number of seconds to wait for new events between two bulk API index requests.
- # If `bulk_max_size` is reached before this interval expires, addition bulk index
- # requests are made.
- #flush_interval: 1
- # Boolean that sets if the topology is kept in Elasticsearch. The default is
- # false. This option makes sense only for Packetbeat.
- #save_topology: false
- # The time to live in seconds for the topology information that is stored in
- # Elasticsearch. The default is 15 seconds.
- #topology_expire: 15
- # tls configuration. By default is off.
- #tls:
- # List of root certificates for HTTPS server verifications
- #certificate_authorities: ["/etc/pki/root/ca.pem"]
- # Certificate for TLS client authentication
- #certificate: "/etc/pki/client/cert.pem"
- # Client Certificate Key
- #certificate_key: "/etc/pki/client/cert.key"
- # Controls whether the client verifies server certificates and host name.
- # If insecure is set to true, all server host names and certificates will be
- # accepted. In this mode TLS based connections are susceptible to
- # man-in-the-middle attacks. Use only for testing.
- #insecure: true
- # Configure cipher suites to be used for TLS connections
- #cipher_suites: []
- # Configure curve types for ECDHE based cipher suites
- #curve_types: []
- # Configure minimum TLS version allowed for connection to logstash
- #min_version: 1.0
- # Configure maximum TLS version allowed for connection to logstash
- #max_version: 1.2
- ### Logstash as output
- #logstash:
- # The Logstash hosts
- #hosts: ["localhost:5044"]
- # Number of workers per Logstash host.
- #worker: 1
- # Set gzip compression level.
- #compression_level: info
- # Optional load balance the events between the Logstash hosts
- #loadbalance: true
- # Optional index name. The default index name depends on the each beat.
- # For Packetbeat, the default is set to packetbeat, for Topbeat
- # top topbeat and for Filebeat to filebeat.
- #index: winlogbeat
- # Optional TLS. By default is off.
- #tls:
- # List of root certificates for HTTPS server verifications
- #certificate_authorities: ["/etc/pki/root/ca.pem"]
- # Certificate for TLS client authentication
- #certificate: "/etc/pki/client/cert.pem"
- # Client Certificate Key
- #certificate_key: "/etc/pki/client/cert.key"
- # Controls whether the client verifies server certificates and host name.
- # If insecure is set to true, all server host names and certificates will be
- # accepted. In this mode TLS based connections are susceptible to
- # man-in-the-middle attacks. Use only for testing.
- #insecure: true
- # Configure cipher suites to be used for TLS connections
- #cipher_suites: []
- # Configure curve types for ECDHE based cipher suites
- #curve_types: []
- ### File as output
- #file:
- # Path to the directory where to save the generated files. The option is mandatory.
- #path: "/tmp/winlogbeat"
- # Name of the generated files. The default is `winlogbeat` and it generates files: `winlogbeat`, `winlogbeat.1`, `winlogbeat.2`, etc.
- #filename: winlogbeat
- # Maximum size in kilobytes of each file. When this size is reached, the files are
- # rotated. The default value is 10 MB.
- #rotate_every_kb: 10000
- # Maximum number of files under path. When this number of files is reached, the
- # oldest file is deleted and the rest are shifted from last to first. The default
- # is 7 files.
- #number_of_files: 7
- ### Console output
- # console:
- # Pretty print json event
- #pretty: false
- ############################# Shipper #########################################
- shipper:
- # The name of the shipper that publishes the network data. It can be used to group
- # all the transactions sent by a single shipper in the web interface.
- # If this options is not defined, the hostname is used.
- #name:
- # The tags of the shipper are included in their own field with each
- # transaction published. Tags make it easy to group servers by different
- # logical properties.
- #tags: ["service-X", "web-tier"]
- # Uncomment the following if you want to ignore transactions created
- # by the server on which the shipper is installed. This option is useful
- # to remove duplicates if shippers are installed on multiple servers.
- #ignore_outgoing: true
- # How often (in seconds) shippers are publishing their IPs to the topology map.
- # The default is 10 seconds.
- #refresh_topology_freq: 10
- # Expiration time (in seconds) of the IPs published by a shipper to the topology map.
- # All the IPs will be deleted afterwards. Note, that the value must be higher than
- # refresh_topology_freq. The default is 15 seconds.
- #topology_expire: 15
- # Internal queue size for single events in processing pipeline
- #queue_size: 1000
- # Configure local GeoIP database support.
- # If no paths are not configured geoip is disabled.
- #geoip:
- #paths:
- # - "/usr/share/GeoIP/GeoLiteCity.dat"
- # - "/usr/local/var/GeoIP/GeoLiteCity.dat"
- ############################# Logging #########################################
- # There are three options for the log ouput: syslog, file, stderr.
- # Under Windos systems, the log files are per default sent to the file output,
- # under all other system per default to syslog.
- logging:
- # Send all logging output to syslog. On Windows default is false, otherwise
- # default is true.
- #to_syslog: true
- # Write all logging output to files. Beats automatically rotate files if rotateeverybytes
- # limit is reached.
- to_files: true
- # To enable logging to files, to_files option has to be set to true
- files:
- # The directory where the log files will written to.
- path: C:/ProgramData/winlogbeat/Logs
- # The name of the files where the logs are written to.
- #name: mybeat
- # Configure log file size limit. If limit is reached, log file will be
- # automatically rotated
- rotateeverybytes: 10485760 # = 10MB
- # Number of rotated log files to keep. Oldest files will be deleted first.
- #keepfiles: 7
- # Enable debug output for selected components. To enable all selectors use ["*"]
- # Other available selectors are beat, publish, service
- # Multiple selectors can be chained.
- #selectors: [ ]
- # Sets log level. The default log level is error.
- # Available log levels are: critical, error, warning, info, debug
- level: info
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement