Add missing query for evtx processing
kcreddy committed Jul 29, 2023
1 parent 1835318 commit ee563ac
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -34,6 +34,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
*Winlogbeat*

- Add "event.category" and "event.type" to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255 {pull}35193[35193]
- Fix end point deregistration in http_endpoint input. {issue}16826[16826] {pull}1111[1111]

*Functionbeat*

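--- a/winlogbeat/eventlog/wineventlog.go
+++ b/winlogbeat/eventlog/wineventlog.go
@@ -332,7 +332,7 @@ func (l *winEventLog) Open(state checkpoint.EventLogState) error {
 func (l *winEventLog) openFile(state checkpoint.EventLogState, bookmark win.EvtHandle) error {
 path := l.channelName
 
-h, err := win.EvtQuery(0, path, "", win.EvtQueryFilePath|win.EvtQueryForwardDirection)
+h, err := win.EvtQuery(0, path, l.query, win.EvtQueryFilePath|win.EvtQueryForwardDirection)
 if err != nil {
 l.metrics.logError(err)
 return fmt.Errorf("failed to get handle to event log file %v: %w", path, err)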
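Review bot: Now that `l.query` is passed to `win.EvtQuery`, a malformed or unsupported query becomes a new failure mode on this call, but the error returned two lines below still names only the file path, so an operator cannot tell a bad query from an unreadable file; consider `return fmt.Errorf("failed to get handle to event log file %v with query %q: %w", path, l.query, err)`. This also narrows what is ingested from the .evtx file compared with the previous empty query (all events), which is presumably the intent given the commit title, but it is worth a one-line comment such as `// Apply the configured query to file-backed channels too, matching the live-channel path.` so the filtering is not mistaken for an oversight. The CHANGELOG entry added in the same commit describes an unrelated http_endpoint deregistration fix rather than this change, so the release notes will not reflect it. openFile continues past the end of the hunk.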
