Configuration overview
- The Elasticsearch version should ideally match the winlogbeat version
Install winlogbeat
- Download the package from the official site
- Choose the winlogbeat version
- Extract it to the Profile directory on the C: drive (any other directory also works)
- Rename the extracted folder to winlogbeat
- Open the winlogbeat directory in PowerShell
- Run the following command
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1
- Then configure the yml file and run winlogbeat
Connect winlogbeat to Elasticsearch (Kibana)
- Edit the winlogbeat.yml file
output.elasticsearch:
  hosts: ["192.168.100.133:9200"]
#============================== Kibana =====================================
setup.kibana:
  host: "192.168.100.133:5601"
logging.to_files: true
logging.files:
  path: C:\ProgramData\winlogbeat\Logs
logging.level: info
- Run the test command; as long as it reports no errors, you are good
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
- Set up and start winlogbeat
# setup loads the index template and dashboards; the installed service is then started
.\winlogbeat.exe setup -e
Start-Service winlogbeat
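The install and connect steps above, automated as one PowerShell script that validates the config before the service is registered; this is an added example, not code from the original notes or from the Elastic project. It assumes the downloaded zip sits at $ZipPath, that Elasticsearch and Kibana live at the 192.168.100.133 address used in the notes, and it writes a complete winlogbeat.yml including a winlogbeat.event_logs section, which the notes do not show but winlogbeat needs in order to have something to ship.

```powershell
# Added example: automate the install/configure/verify steps from the notes.
param(
    [string]$ZipPath     = "$env:USERPROFILE\Downloads\winlogbeat.zip",  # assumption
    [string]$InstallRoot = "C:\Program Files",
    [string]$EsHost      = "192.168.100.133:9200",   # address from the notes
    [string]$KibanaHost  = "192.168.100.133:5601"    # address from the notes
)

$Dest = Join-Path $InstallRoot "winlogbeat"
if (Test-Path $Dest) { throw "$Dest already exists; run the uninstall steps first" }

# 1. Extract and rename the versioned folder to plain "winlogbeat".
$Tmp = Join-Path $env:TEMP "winlogbeat-extract"
Expand-Archive -Path $ZipPath -DestinationPath $Tmp -Force
$Extracted = Get-ChildItem -Path $Tmp -Directory | Select-Object -First 1
Move-Item -Path $Extracted.FullName -Destination $Dest

# 2. Write the config from the notes. The event_logs block is an assumed minimal set;
#    winlogbeat refuses to start without at least one event log configured.
$Config = @"
winlogbeat.event_logs:
  - name: Security
  - name: System
  - name: Application

output.elasticsearch:
  hosts: ["$EsHost"]

setup.kibana:
  host: "$KibanaHost"

logging.to_files: true
logging.files:
  path: C:\ProgramData\winlogbeat\Logs
logging.level: info
"@
Set-Content -Path (Join-Path $Dest "winlogbeat.yml") -Value $Config -Encoding UTF8

# 3. Validate the config before touching the service; stop on any error.
Push-Location $Dest
& .\winlogbeat.exe test config -c .\winlogbeat.yml -e
if ($LASTEXITCODE -ne 0) { Pop-Location; throw "winlogbeat config test failed" }

# 4. Register the service (no trailing dot after the .ps1 name), load templates, start it.
PowerShell.exe -ExecutionPolicy Unrestricted -File .\install-service-winlogbeat.ps1
& .\winlogbeat.exe setup -e
Start-Service winlogbeat
Pop-Location
Get-Service winlogbeat   # should show Status: Running
```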
Uninstall winlogbeat
- First stop the winlogbeat service
Stop-Service winlogbeat
- Then run the following command
PowerShell.exe -ExecutionPolicy UnRestricted -File .\uninstall-service-winlogbeat.ps1
- Then delete the winlogbeat-related files