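1. Install Winlogbeat
- Download the Winlogbeat zip archive from here
- Extract it to C:\Program Files
- Rename the folder to winlogbeat
- Open Windows PowerShell as administrator
- Run the following commands to install the service
- --- The following step was not tested successfully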
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1
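If script execution is disabled on the system, you need to set the execution policy for the current session to allow the script to run: PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1
Alternatively, you can use the following commands to turn off some of the security protection; after entering a command, press Y to confirm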
PS C:\Program Files\Winlogbeat> set-executionpolicy remotesigned
PS C:\Program Files\Winlogbeat> set-executionpolicy Bypass
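2. Configuration
This article tests using Winlogbeat to collect logs and send them to Elasticsearch.
Edit the configuration file: winlogbeat.yml
Fill in the address of the ES instance to send output to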
output.elasticsearch:
  hosts:
    - localhost:9200
Use the following command to check that the configuration file is correct
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
3. Start Winlogbeat
Use the following command to start the Winlogbeat service. If your ES requires authentication, refer to here for the configuration
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
4. View the logs
Open Kibana or the ES head plugin, and you can see that the logs are stored in ES under the default index name, winlogbeat- plus the date
winlogbeat-6.2.4-2018.04.04 | 341ki/681ki | 320 |
winlogbeat-6.2.4-2018.04.05 | 206ki/412ki | 185 |
winlogbeat-6.2.4-2018.04.06 | 188ki/383ki | 177 |
winlogbeat-6.2.4-2018.04.07 | 184ki/368ki | 181 |
winlogbeat-6.2.4-2018.04.08 | 455ki/910ki | 554 |
winlogbeat-6.2.4-2018.04.09 | 462ki/924ki | 515 |
winlogbeat-6.2.4-2018.04.10 | 321ki/643ki | 406 |
winlogbeat-6.2.4-2018.04.11 | 400ki/801ki | 407 |
winlogbeat-6.2.4-2018.04.12 | 559ki/1.09Mi | 751 |
winlogbeat-6.2.4-2018.04.13 | 417ki/852ki | 448 |
winlogbeat-6.2.4-2018.04.14 | 347ki/722ki | 314 |
winlogbeat-6.2.4-2018.04.15 | 322ki/644ki | 336 |
winlogbeat-6.2.4-2018.04.16 | 386ki/772ki | 409 |
winlogbeat-6.2.4-2018.04.17 | 510ki/1.00Mi | 559 |
winlogbeat-6.2.4-2018.04.18 | 287ki/625ki | 299 |
winlogbeat-6.2.4-2018.04.19 | 285ki/570ki | 296 |
winlogbeat-6.2.4-2018.04.20 | 506ki/1.06Mi | 519 |
winlogbeat-6.2.4-2018.04.21 | 255ki/510ki | 176 |
winlogbeat-6.2.4-2018.04.22 | 284ki/564ki | 220 |
winlogbeat-6.2.4-2018.04.23 | 886ki/1.73Mi | 1.17k |
winlogbeat-6.2.4-2018.04.24 | 366ki/732ki | 353 |
winlogbeat-6.2.4-2018.04.25 | 249ki/498ki | 216 |
winlogbeat-6.2.4-2018.04.26 | 337ki/673ki | 334 |
winlogbeat-6.2.4-2018.04.27 | 186ki/428ki | 116 |
winlogbeat-6.2.4-2018.04.28 | 347ki/728ki | 243 |
winlogbeat-6.2.4-2018.04.29 | 99.3ki/199ki | 37 |
winlogbeat-6.2.4-2018.04.30 | 318ki/627ki | 222 |
winlogbeat-6.2.4-2018.05.01 | 95.3ki/191ki | 29 |
winlogbeat-6.2.4-2018.05.02 | 570ki/1.15Mi | 605 |
winlogbeat-6.2.4-2018.05.03 | 284ki/566ki | 246 |
winlogbeat-6.2.4-2018.05.04 | 365ki/730ki | 338 |
winlogbeat-6.2.4-2018.05.05 | 63.8ki/128ki | 33 |
winlogbeat-6.2.4-2018.05.06 | 69.9ki/140ki | 41 |
winlogbeat-6.2.4-2018.05.07 | 479ki/958ki | 475 |
winlogbeat-6.2.4-2018.05.08 | 300ki/600ki | 274 |
winlogbeat-6.2.4-2018.05.09 | 206ki/412ki | 161 |
winlogbeat-6.2.4-2018.05.10 | 192ki/385ki | 210 |
winlogbeat-6.2.4-2018.05.11 | 205ki/411ki | 198 |
winlogbeat-6.2.4-2018.05.12 | 416ki/828ki | 358 |
winlogbeat-6.2.4-2018.05.13 | 97.4ki/206ki | 37 |
winlogbeat-6.2.4-2018.05.14 | 295ki/590ki | 268 |
winlogbeat-6.2.4-2018.05.15 | 116ki/221ki | 31 |
winlogbeat-6.2.4-2018.05.16 | 497ki/998ki | 454 |
winlogbeat-6.2.4-2018.05.17 | 595ki/1.23Mi | 580 |
winlogbeat-6.2.4-2018.05.18 | 392ki/783ki | 392 |
winlogbeat-6.2.4-2018.05.19 | 183ki/366ki | 102 |
winlogbeat-6.2.4-2018.05.20 | 134ki/269ki | 49 |
winlogbeat-6.2.4-2018.05.21 | 486ki/998ki | 530 |
winlogbeat-6.2.4-2018.05.22 | 232ki/463ki | 247 |
winlogbeat-6.2.4-2018.05.23 | 243ki/507ki | 260 |
winlogbeat-6.2.4-2018.05.24 | 474ki/980ki | 532 |
winlogbeat-6.2.4-2018.05.25 | 241ki/482ki | 240 |
winlogbeat-6.2.4-2018.05.26 | 150ki/301ki | 75 |
winlogbeat-6.2.4-2018.05.27 | 291ki/582ki | 391 |
winlogbeat-6.2.4-2018.05.28 | 1.43Mi/2.86Mi | 6.84k |
winlogbeat-6.2.4-2018.05.29 | 1.13Mi/2.28Mi | 3.72k |
winlogbeat-6.2.4-2018.05.30 | 231ki/462ki | 204 |
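
Run without -Scope, the set-executionpolicy commands in step 1 change the machine-wide policy and leave it changed after the install. As an added example (not from the original post), steps 1 to 4 in one script that relaxes the policy for the current PowerShell process only and checks that the LocalMachine policy is untouched; it assumes the install path and the unauthenticated Elasticsearch at localhost:9200 used above.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: Winlogbeat is unpacked in C:\Program Files\Winlogbeat and
# Elasticsearch listens on localhost:9200 without authentication, as in the post.
$beatDir = 'C:\Program Files\Winlogbeat'
$esUrl   = 'http://localhost:9200'
Set-Location -Path $beatDir

# Record the persistent policy so we can show it is unchanged afterwards.
$before = Get-ExecutionPolicy -Scope LocalMachine

# Relax the policy for this PowerShell process only; it is discarded when the window closes.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

# Validate the configuration before registering the service (command from step 2).
& .\winlogbeat.exe test config -c .\winlogbeat.yml -e
if ($LASTEXITCODE -ne 0) {
    throw "winlogbeat.yml failed validation (exit code $LASTEXITCODE)"
}

# Register the service only if it is not already installed.
if (-not (Get-Service -Name winlogbeat -ErrorAction SilentlyContinue)) {
    & .\install-service-winlogbeat.ps1
}

# Start the service and wait up to 30 seconds for it to report Running.
Start-Service -Name winlogbeat
$svc = Get-Service -Name winlogbeat
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))

# The machine-wide policy must be what it was before the install.
$after = Get-ExecutionPolicy -Scope LocalMachine
if ($after -ne $before) {
    throw "LocalMachine execution policy changed: $before -> $after"
}

# Step 4 without Kibana: list the daily winlogbeat-* indices and their document counts.
$indices = Invoke-RestMethod -Uri "$esUrl/_cat/indices/winlogbeat-*?format=json"
$indices | Sort-Object -Property index |
    Select-Object -Property index, 'docs.count', 'store.size' |
    Format-Table -AutoSize
```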