全网最全的默认配置winlogbeat收集window日志到elasticserach

• elasticserach的版本最好是和winlogbeat一致

1. 去官网下载安装包
   选择winlogbeat版本
2. 解压缩到c盘的profile目录,其他目录也行
3. 讲解压文件夹重命名winlogbeat
4. 用powershell命令打开winlogbeat目录
5. 执行以下命令

PowerShell.exe -ExecutionPolicy UnRestricted -File .install-service-winlogbeat.ps1.

6. 然后配置yml文件执行winlogbeat

`

1. 编辑winlogbeat.yml文件

output.elasticsearch:
  hosts: ["192.168.100.133:9200"]
#============================== Kibana =====================================

host: "192.168.100.133:5601"

logging.to_files: true
logging.files:
  path: C:ProgramDatawinlogbeatLogs
logging.level: info

2. 运行测试命令不出错就行

PS C:Program FilesWinlogbeat> .winlogbeat.exe test config -c .winlogbeat.yml -e

4. 开启winlogbeat

.winlogbeat.exe setup -e

1. 先停止winlogbeat服务

Stop-Service winlogbeat

3. 然后运行以下命令

PowerShell.exe -ExecutionPolicy UnRestricted -File .uninstall-service-winlogbeat.ps1.

5. 然后把winlogbeat相关的文件删除