Winlogbeat

Install Winlogbeat to shift windows events to PacketAI

Download and Install Winlogbeat
Execute the following script in Powershell to download Winlogbeat
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-8.4.3-windows-x86_64.zip -OutFile wlb.zip
Expand-Archive .\wlb.zip
mv .\wlb\winlogbeat-8.4.3-windows-x86_64\ .\winlogbeat\
rm -r .\wlb
rm .\wlb.zip
cd .\winlogbeat
​
Get PacketAI Winlogbeat Config Template
The default configuration could be generated by using Powershell to run the following command in the winlogbeat folder:
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/PacketAI/winlogbeat-installation/main/generate-config.ps1" -OutFile generate-config.ps1
.\generate-config.ps1 -clustername "YOUR_CLUSTER_NAME" -infra "YOUR_PAI_IID" -token "YOUR_PAI_TOKEN"
you need to replace YOUR_CLUSTER_NAME with appropriate cluster name. (make sure the cluster name is alpha numeric and lowercase only)
you need to replace YOUR_PAI_IID and YOUR_PAI_TOKEN from the Deploy PacketAI/Agent/ Logstash credentials.
Configure Log Source
Configure the log you want to monitor in the generated file: winlogbeat.yml
Start the Service
.\install-service-winlogbeat.ps1
Start-Service winlogbeat

Set Up - Previous

Metricbeat

Next - Set Up

Fluent Bit

Last modified 5mo ago