duzvik · November 3, 2021 17:11
diff --git a/winlogbeat.yml b/winlogbeat.yml
 winlogbeat.event_logs:
  - name: Application
    ignore_older: 30m
  - name: Security
    ignore_older: 30m
  - name: System
    ignore_older: 30m
  - name: Microsoft-windows-sysmon/operational
    ignore_older: 30m
  - name: Microsoft-windows-PowerShell/Operational
    ignore_older: 30m
    event_id: 4103, 4104
  - name: Windows PowerShell
    event_id: 400,600
    ignore_older: 30m
  - name: Microsoft-Windows-WMI-Activity/Operational
    event_id: 5857,5858,5859,5860,5861
  - name: SilkService-Log
    ignore_older: 30m
  - name: Microsoft-Windows-Windows Defender/Operational
    ignore_older: 30
  - name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
    ignore_older: 30

 output.kafka:
  hosts: ["IPADDRESS:9092"]
  topic: "winlogbeat"
  max_retries: 2
  max_message_bytes: 1000000
	winlogbeat.event_logs:
	- name: Application
	ignore_older: 30m
	- name: Security
	ignore_older: 30m
	- name: System
	ignore_older: 30m
	- name: Microsoft-windows-sysmon/operational
	ignore_older: 30m
	- name: Microsoft-windows-PowerShell/Operational
	ignore_older: 30m
	event_id: 4103, 4104
	- name: Windows PowerShell
	event_id: 400,600
	ignore_older: 30m
	- name: Microsoft-Windows-WMI-Activity/Operational
	event_id: 5857,5858,5859,5860,5861
	- name: SilkService-Log
	ignore_older: 30m
	- name: Microsoft-Windows-Windows Defender/Operational
	ignore_older: 30
	- name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
	ignore_older: 30

	output.kafka:
	hosts: ["IPADDRESS:9092"]
	topic: "winlogbeat"
	max_retries: 2
	max_message_bytes: 1000000