Usage of Channel field name in ELK Windows config

2019-06-11 13:15:43 +02:00
parent 407d8214f7
commit 5715413da9
2 changed files with 6 additions and 6 deletions
@@ -15,30 +15,30 @@ logsources:
    product: windows
    service: application
    conditions:
-      EventLog: Application
+      Channel: Application
  windows-security:
    product: windows
    service: security
    conditions:
-      EventLog: Security
+      Channel: Security
  windows-sysmon:
    product: windows
    service: sysmon
    conditions:
-      EventLog: Microsoft-Windows-Sysmon
+      Channel: Microsoft-Windows-Sysmon
  windows-dns-server:
    product: windows
    service: dns-server
    conditions:
-      EventLog: 'DNS Server'
+      Channel: 'DNS Server'
  windows-driver-framework:
    product: windows
    service: driver-framework
    conditions:
-      source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
+      Channel: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'
  windows-dhcp:
    product: windows
    service: dhcp
    conditions:
-      source: 'Microsoft-Windows-DHCP-Server/Operational'
+      Channel: 'Microsoft-Windows-DHCP-Server/Operational'
 defaultindex: logstash-*