tools/config/logstash-windows.yml

title: Logstash Windows common log sources
order: 20
backends:
  - es-qs
  - es-dsl
  - kibana
  - xpack-watcher
  - elastalert
  - elastalert-dsl
logsources:
  windows:
    product: windows
    index: logstash-windows-*
  windows-application:
    product: windows
    service: application
    conditions:
      Channel: Application
  windows-security:
    product: windows
    service: security
    conditions:
      Channel: Security
  windows-sysmon:
    product: windows
    service: sysmon
    conditions:
      Channel: Microsoft-Windows-Sysmon
  windows-dns-server:
    product: windows
    service: dns-server
    conditions:
      Channel: 'DNS Server'
  windows-driver-framework:
    product: windows
    service: driver-framework
    conditions:
      Channel: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
  windows-dhcp:
    product: windows
    service: dhcp
    conditions:
      Channel: 'Microsoft-Windows-DHCP-Server/Operational'
defaultindex: logstash-*
Added title to all configurations 2019-05-16 23:33:51 +02:00			`title: Logstash Windows common log sources`
Configuration order checking 2019-04-23 00:54:10 +02:00			`order: 20`
Check for valid configuration/backend combinations 2019-05-20 01:00:33 +02:00			`backends:`
			`- es-qs`
			`- es-dsl`
			`- kibana`
			`- xpack-watcher`
			`- elastalert`
introduce elastalert-dsl 2019-05-27 17:11:59 +02:00			`- elastalert-dsl`
Parsing log sources in configuration files 2017-03-12 23:12:21 +01:00			`logsources:`
			`windows:`
			`product: windows`
			`index: logstash-windows-*`
			`windows-application:`
			`product: windows`
			`service: application`
			`conditions:`
Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00			`Channel: Application`
Parsing log sources in configuration files 2017-03-12 23:12:21 +01:00			`windows-security:`
			`product: windows`
			`service: security`
			`conditions:`
Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00			`Channel: Security`
Log source conditions are integrated in generated expressions 2017-03-14 23:22:32 +01:00			`windows-sysmon:`
			`product: windows`
			`service: sysmon`
			`conditions:`
Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00			`Channel: Microsoft-Windows-Sysmon`
Added eventlog source DNS Server to configs 2017-05-08 13:09:17 +02:00			`windows-dns-server:`
			`product: windows`
			`service: dns-server`
			`conditions:`
Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00			`Channel: 'DNS Server'`
Added Windows Driver Framework log source to configs 2017-11-09 08:42:58 +01:00			`windows-driver-framework:`
			`product: windows`
			`service: driver-framework`
			`conditions:`
Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00			`Channel: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'`
DHCP log source in sigmac configs 2019-02-05 14:35:16 +01:00			`windows-dhcp:`
			`product: windows`
			`service: dhcp`
introduce elastalert-dsl 2019-05-27 17:11:59 +02:00			`conditions:`
Usage of Channel field name in ELK Windows config 2019-06-11 13:15:43 +02:00			`Channel: 'Microsoft-Windows-DHCP-Server/Operational'`
Added default index handling 2017-10-23 00:05:12 +02:00			`defaultindex: logstash-*`