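# Installs Winlogbeat 5.2.0 as a Windows service and switches its output from the
# default local Elasticsearch to a Logstash/Beats listener on port 5044.
# Run from an elevated PowerShell session: the script writes to 'C:\Program Files'
# and registers a service.

# Stop at the first failure so a failed download or extraction never falls
# through to installing and starting a service from incomplete files.
$ErrorActionPreference = 'Stop'

######### Download Winlogbeat 5.2 ########
$filename = "winlogbeat-5.2.0-windows-x86_64.zip"
$url = "https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-5.2.0-windows-x86_64.zip"
$zipPath = Join-Path $env:temp $filename
$client = New-Object System.Net.WebClient
$client.DownloadFile($url, $zipPath)
Set-Location $env:temp

######### Verify the archive before anything from it is executed ########
# The archive contains a script and a binary that will run with service privileges,
# so pin its digest. Replace the placeholder with the SHA-256 of the archive obtained
# from a source you trust; the value below is NOT a real digest.
$expectedSha256 = '<EXPECTED_SHA256_OF_ARCHIVE>'
$hasher = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($zipPath)
try {
    $actualSha256 = [System.BitConverter]::ToString($hasher.ComputeHash($stream)) -replace '-', ''
} finally {
    $stream.Dispose()
}
if ($expectedSha256 -match '^[0-9A-Fa-f]{64}$') {
    # -ne on strings is case-insensitive, so upper/lower-case hex both compare correctly
    if ($actualSha256 -ne $expectedSha256) {
        throw "SHA-256 mismatch for $zipPath (got $actualSha256); refusing to install."
    }
} else {
    Write-Warning "No expected SHA-256 configured; archive integrity was NOT verified. Computed digest: $actualSha256"
}

######## Unzip file ########
# Shell.Application is used for extraction so the script does not depend on Expand-Archive
$shell_app = New-Object -ComObject shell.application
$zip_file = $shell_app.namespace($zipPath)
# set the destination directory for the extracts
$extractDir = Join-Path $env:temp 'Winlogbeat'
if (!(Test-Path $extractDir)) {
    mkdir $extractDir
}
$destination = $shell_app.namespace($extractDir)
# unzip the file
$destination.Copyhere($zip_file.items())

######### Copy file #########
$installDir = 'C:\Program Files\Winlogbeat'
# Guarded like the temp directory above, so a re-run does not fail on an existing folder
if (!(Test-Path $installDir)) {
    mkdir $installDir
}
cp (Join-Path $extractDir 'winlogbeat-5.2.0-windows-x86_64\*') $installDir

######### Go to Winlogbeat directory ########
Set-Location $installDir

# Install Winlogbeat service
# Scope the policy change to this PowerShell process: the install script still runs,
# but the machine-wide execution policy is left as the administrator configured it.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process
.\install-service-winlogbeat.ps1

######## Winlogbeat ######
# backup config
cp winlogbeat.yml winlogbeat.yml.bak

# Ask for the server name before touching the config, and reject anything that is not
# a plain hostname or IPv4 address: the value is written into YAML and is also used as
# a -replace replacement string, where '$' and quotes would change the result.
$domainName = (Read-Host -Prompt 'Input your graylogserver domain: ').Trim()
if ($domainName -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
    throw "Invalid server name '$domainName': expected a hostname or IPv4 address."
}

$config = Get-Content winlogbeat.yml
# Disable elasticsearch
$config = $config -replace "output.elasticsearch:", "# output.elasticsearch:"
$config = $config -replace ' hosts: \["localhost:9200"\]', ' # hosts: ["localhost:9200"]'
# Enable logstash
# NOTE: only the host is set here; no TLS options are configured, so events are sent
# to port 5044 unencrypted and the server is not authenticated. Configure the output's
# TLS settings in winlogbeat.yml before shipping logs across an untrusted network.
$config = $config -replace '#output.logstash:', 'output.logstash:'
$config = $config -replace ' #hosts: \["localhost:5044"\]', " hosts: [`"$($domainName):5044`"]"
$config | Set-Content -Path winlogbeat.yml

######### Start Winlogbeat service ########
Start-Service winlogbeat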