winlog

下载

https://www.elastic.co/downloads/beats/winlogbeat

PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1

编辑配置

winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System

output.elasticsearch:
  hosts:
    - localhost:9200

logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: info

setup.template.enabled:
setup.template.name: "1.2"
setup.template.pattern: "1.2-*"

setup.kibana:
  host: "localhost:5601"    //改一下有模板输出

output.elasticsearch:
  hosts: ["myEShost:9200"，"myEShost2:9200"]
  index: "1.2-%{+yyyy.MM.dd}"

PS C:\Program Files\Winlogbeat> winlogbeat.exe -c winlogbeat.yml


在C盘下建立一个 .bat

cd C:\Program Files\Winlogbeat
winlogbeat.exe -c winlogbeat.yml

建立一个 .vbs

createobject("wscript.shell").run "c:\winlog.bat",0

开机自启动

关闭：进程里关闭即可

posted @ 2018-05-11 14:09 jjp816 阅读(306) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

jjp816

winlog

公告