
YAML for winlogbeat

Do we have a YAML sample output file for winlogbeat we can use with vizion.ai ELK please?

 

R

Steve

Here is an example Winlogbeat file with a few places to enter in the credentials of your Vizion Elastic App:

###################### Winlogbeat Configuration Example ##########################

# This file is an example configuration file highlighting only the most common
# options. The winlogbeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/winlogbeat/index.html

#======================= Winlogbeat specific options ==========================

# event_logs specifies a list of event logs to monitor as well as any
# accompanying options. The YAML data type of event_logs is a list of
# dictionaries.
#
# The supported keys are name (required), tags, fields, fields_under_root,
# forwarded, ignore_older, level, event_id, provider, and include_xml. Please
# visit the documentation for the complete details of each option.
# https://go.es.io/WinlogbeatConfig
winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

#================================ General =====================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging

#============================== Dashboards =====================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here, or by using the `-setup` CLI flag or the `setup` command.
#setup.dashboards.enabled: false

# The URL from where to download the dashboards archive. By default this URL
# has a value which is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

#============================== Kibana =====================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify an additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  host: "https://app.vizion.ai:443/kibana"
  protocol: "https"
  username: "<< your es username >>"
  password: "<< your es password >>"

  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

#============================= Elastic Cloud ==================================

# These settings simplify using winlogbeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

#================================ Outputs =====================================

# Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["<< your elasticsearch url >>"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  username: "<< your es username >>"
  password: "<< your es password >>"
  # Disables TLS certificate verification for the Elasticsearch connection;
  # the hardened alternative is to keep verification on and point
  # ssl.certificate_authorities at the provider's CA certificate.
  ssl.verification_mode: none

  timeout: 500

#----------------------------- Logstash output --------------------------------
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]