Winlogbeat enables the Windows Event Collector (WEC) server to forward Windows Event logs to the AARNet SOC.
How it works
Winlogbeat:
- Watches the event logs on the Windows Event Collector (WEC) server.
- Reads from event logs using Windows APIs.
- Filters the events using the criteria set by AARNet.
- Persists the read position to disk for each event log, so that Winlogbeat can resume progress after a restart.
- Forwards event logs to the SOC.
- The SOC then collects and analyses the event logs.
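
The steps above map onto a handful of `winlogbeat.yml` settings. The following is an added illustration, not the configuration supplied by AARNet: the event IDs, the age limit, the Logstash output type, the host name and the certificate path are constructed placeholders, and the real filter criteria and endpoint come from AARNet.

```yaml
# Illustrative winlogbeat.yml for a WEC server (constructed example).

winlogbeat.event_logs:
  # Watch the log that Windows Event Forwarding writes to on the WEC server.
  - name: ForwardedEvents
    # Mark events as forwarded so they are treated as coming from the
    # originating hosts rather than from the WEC server itself.
    forwarded: true
    # Filter: only read these event IDs (placeholder values, not AARNet's list).
    event_id: 4624, 4625, 4688, 4720-4726
    # Filter: skip events older than this when first reading the log
    # (placeholder value).
    ignore_older: 72h

# Read position for each event log is persisted here, so Winlogbeat resumes
# where it stopped after a restart instead of re-sending or skipping events.
winlogbeat.registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml

# Forward to the SOC collector over TLS. Output type, host, port and CA path
# are assumptions for this example.
output.logstash:
  hosts: ["soc-collector.example.org:5044"]
  ssl.certificate_authorities: ["C:/ProgramData/winlogbeat/certs/soc-ca.pem"]
```

Running `winlogbeat.exe test config -c winlogbeat.yml` checks the file for syntax errors, and `winlogbeat.exe test output -c winlogbeat.yml` checks that the configured endpoint is reachable and the TLS handshake succeeds.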
Customise your Winlogbeat installation
We provide instructions for setting up Winlogbeat for common network requirements. Talk to AARNet Support if you need a customised installation or configuration.