banner
云野阁

云野阁

闲云野鹤,八方逍遥
HomeArchives关于

Install Winlogbeat Log Collector

#日志分析#ELK#日志采集器#Winlogbeat15
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
To install Winlogbeat, download the installer from the official website. Run the installer, accept the license agreement, and complete the installation. After installation, open PowerShell as an administrator and navigate to the Winlogbeat directory. Change the execution policy to allow scripts to run by using the commands `set-executionpolicy remotesigned` and `set-executionpolicy Bypass`. Finally, create and start the Winlogbeat service with the command `.\install-service-winlogbeat.ps1` followed by `Start-Service winlogbeat`.
  1. The Winlogbeat installer can be downloaded from its official website (https://www.elastic.co/cn/beats/winlogbeat).
  2. Double-click to start the installer, check "I accept the terms in the License Agreement" in the installation wizard, and click [Install], as shown in the figure.

4

  1. After the installation is completed as per the installation wizard, click [Finish] to complete the installation and open the installation directory. As shown in the figure.

3

2

  1. Open PowerShell as an administrator (right-click the PowerShell icon and select "Run as administrator"), allow the creation of the winlogbeat service on the local host, and after successful creation, enable the winlogbeat service and verify it. As shown in the figure.

    PS C:\Windows\system32> cd "C:\Program Files\Elastic\Beats\8.13.2\winlogbeat"
# Allow unsigned scripts written on the local computer to run freely
PS C:\Program Files\Elastic\Beats\8.13.2\winlogbeat> set-executionpolicy remotesigned

Execution policy change
The execution policy helps you prevent the execution of untrusted scripts. Changing the execution policy may pose security risks, as described in the about_Execution_Policies help topic at https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes(Y)  [A] All(A)  [N] No(N)  [L] All No(L)  [S] Suspend(S)  [?] Help (default is “N”): y
# Allow scripts to run on the system
PS C:\Program Files\Elastic\Beats\8.13.2\winlogbeat> set-executionpolicy Bypass

Execution policy change
The execution policy helps you prevent the execution of untrusted scripts. Changing the execution policy may pose security risks, as described in the about_Execution_Policies help topic at https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes(Y)  [A] All(A)  [N] No(N)  [L] All No(L)  [S] Suspend(S)  [?] Help (default is “N”): y
# Create winlogbeat service
PS C:\Program Files\Elastic\Beats\8.13.2\winlogbeat> .\install-service-winlogbeat.ps1
[SC] DeleteService succeeded

Status   Name               DisplayName
------   ----               -----------
Stopped  winlogbeat         winlogbeat

# Start winlogbeat service
PS C:\Program Files\Elastic\Beats\8.13.2\winlogbeat> Start-Service winlogbeat

1

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.