By default, Winlogbeat sends all its output to syslog. When you run Winlogbeat in the foreground, you can use the -e command line flag to redirect the output to standard error instead. For example:

winlogbeat -e

The default configuration file is winlogbeat.yml (the location of the file varies by platform). You can use a different configuration file by specifying the -c flag. For example:

winlogbeat -e -c mywinlogbeatconfig.yml

You can increase the verbosity of debug messages by enabling one or more debug selectors. For example, to view publisher-related messages, start Winlogbeat with the publisher selector:

winlogbeat -e -d "publisher"

If you want all the debugging output (fair warning, it’s quite a lot), you can use *, like this:

winlogbeat -e -d "*"