Commit

Add default value and docs
marc-gr committed Sep 9, 2021
1 parent 3bb93fb commit 6370b9e
Showing 2 changed files with 18 additions and 0 deletions.
4 changes: 4 additions & 0 deletions winlogbeat/docs/modules.asciidoc
Expand Up @@ -22,6 +22,9 @@ a `script` processor to your configuration file and point it at the included
script file for the module. The documentation for each module includes an
example.

NOTE: The provided modules only support events in english. For more information
about how to configure the language in `winlogbeat`, refer to <<configuration-winlogbeat-options>>.

[float]
=== Usage with Forwarded Events
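Review bot: In the added NOTE, "english" should be capitalized as "English", and the cross-reference `<<configuration-winlogbeat-options>>` sends the reader to the options page as a whole rather than to the `event_logs.language` setting this commit documents. Suggest naming the setting in the sentence itself, for example "set `language: 0x0409` under `winlogbeat.event_logs`", so readers do not have to search the options page for it.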

Expand All @@ -34,6 +37,7 @@ script processors that are guarded by a conditional `when` statement.
winlogbeat.event_logs:
- name: ForwardedEvents
tags: [forwarded]
language: 0x0409
processors:
- script:
when.equals.winlog.channel: Security
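Review bot: The added `language: 0x0409` line in the ForwardedEvents example carries no explanation, while the same value in winlogbeat-options.asciidoc is annotated `# US English`. Add that comment here as well, and consider one sentence before the example saying the setting is present because the modules only support English events; as written it can be read as something specific to forwarded events.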
14 changes: 14 additions & 0 deletions winlogbeat/docs/winlogbeat-options.asciidoc
Expand Up @@ -232,6 +232,20 @@ winlogbeat.event_logs:
=======================================

[float]
==== `event_logs.language`

The language ID the events will be rendered in. The language will be forced regardless
of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here].
It defaults to `0`, which indicates to use the system language.

[source,yaml]
--------------------------------------------------------------------------------
winlogbeat.event_logs:
- name: Security
event_id: 4624, 4625, 4700-4800, -4735
language: 0x0409 # US English
--------------------------------------------------------------------------------

[float]
==== `event_logs.level`
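Review bot: The new `event_logs.language` text says the language "will be forced regardless of the system language" but does not say what happens when the requested language is not available on the host, and it does not say which notations are accepted: the default is written as `0` while the example uses `0x0409`. Suggest documenting the fallback behaviour and the accepted formats, rewording "which indicates to use the system language" to "which means the system language is used", and replacing the "here" link text with a descriptive one. The commit title mentions a default value, yet both changed files are documentation, so it is worth confirming that the code default matches the documented `0`.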
