beats icon indicating copy to clipboard operation
beats copied to clipboard

Published 20 hours ago verified publisher icon elastic

[winlogbeat] Windows event log XMLs are truncated if exceed 8KB

Open intxgo opened this issue 4 months ago • 1 comments

Winlogbeat is truncating Windows event log XMLs above 8KB. The event document contains RenderErr:[XML syntax error on line xxx: unexpected EOF] in message node.

The above error is caused by truncated XML. Winlogbeat is using EvtRender API with pre-allocated buffer for efficiency. Unfortunately this API can succeed returning truncated data in provided buffer.

For confirmed bugs, please report:

  • Version: 8.15

intxgo avatar Oct 15 '24 19:10 intxgo