WARNING: Version 1.1 of Winlogbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Step 1: Installing Winlogbeat
editStep 1: Installing Winlogbeat
edit- Download the Winlogbeat zip file from the downloads page.
-
Extract the contents into
C:\Program Files
. -
Rename the
winlogbeat-<version>
directory toWinlogbeat
. - Open a PowerShell prompt as an Administrator (right-click on the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
- Run the following commands to install the service.
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat' PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1 Security warning Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run C:\Program Files\Winlogbeat\install-service-winlogbeat.ps1? [D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R Status Name DisplayName ------ ---- ----------- Stopped winlogbeat winlogbeat
If script execution is disabled on your system, you need to set the
execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1
.
Before starting Winlogbeat, you should look at the configuration options in the
configuration file, for example C:\Program Files\Winlogbeat\winlogbeat.yml
.
For more information about these options, see Configuration Options.