winlog
下载
https://www.elastic.co/downloads/beats/winlogbeat
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1
编辑配置
winlogbeat.event_logs:
- name: Application
- name: Security
- name: System
output.elasticsearch:
hosts:
- localhost:9200
logging.to_files: true
logging.files:
path: C:/ProgramData/winlogbeat/Logs
logging.level: info
setup.template.enabled:
setup.template.name: "1.2"
setup.template.pattern: "1.2-*"
setup.kibana:
host: "localhost:5601" //改一下有模板输出
output.elasticsearch: hosts: ["myEShost:9200","myEShost2:9200"]
index: "1.2-%{+yyyy.MM.dd}"
PS C:\Program Files\Winlogbeat> winlogbeat.exe -c winlogbeat.yml
在C盘下建立一个 .bat
cd C:\Program Files\Winlogbeat
winlogbeat.exe -c winlogbeat.yml
建立一个 .vbs
createobject("wscript.shell").run "c:\winlog.bat",0
开机自启动
关闭:进程里关闭即可