diff --git a/winlogbeat/docs/modules.asciidoc b/winlogbeat/docs/modules.asciidoc
index f8d57950a12..c5a421f5e33 100644
--- a/winlogbeat/docs/modules.asciidoc
+++ b/winlogbeat/docs/modules.asciidoc
@@ -22,6 +22,9 @@ a `script` processor to your configuration file and point it at the included script file for the module. The documentation for each module includes an example.
+NOTE: The provided modules only support events in english. For more information
+about how to configure the language in `winlogbeat`, refer to <>.
+
 [float]
 === Usage with Forwarded Events
@@ -34,6 +37,7 @@ script processors that are guarded by a conditional `when` statement.
 winlogbeat.event_logs:
 - name: ForwardedEvents
 tags: [forwarded]
+ language: 0x0409
 processors:
 - script:
 when.equals.winlog.channel: Security
diff --git a/winlogbeat/docs/winlogbeat-options.asciidoc b/winlogbeat/docs/winlogbeat-options.asciidoc
index 96ea095effd..1095bd01127 100644
--- a/winlogbeat/docs/winlogbeat-options.asciidoc
+++ b/winlogbeat/docs/winlogbeat-options.asciidoc
@@ -232,6 +232,20 @@ winlogbeat.event_logs: =======================================
+[float]
+==== `event_logs.language`
+
+The language ID the events will be rendered in. The language will be forced regardless
+of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here].
+It defaults to `0`, which indicates to use the system language.
+
+[source,yaml]
+--------------------------------------------------------------------------------
+winlogbeat.event_logs:
+ - name: Security
+ event_id: 4624, 4625, 4700-4800, -4735
+ language: 0x0409 # US English
+--------------------------------------------------------------------------------
 [float]
 ==== `event_logs.level`