IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Step 1: Install Winlogbeat
editStep 1: Install Winlogbeat
editBefore you begin: If you haven’t installed the Elastic Stack, do that now. See Getting started with the Elastic Stack.
- Download the Winlogbeat zip file from the downloads page.
-
Extract the contents into
C:\Program Files. -
Rename the
winlogbeat-<version>directory toWinlogbeat. - Open a PowerShell prompt as an Administrator (right-click on the PowerShell icon and select Run As Administrator).
- From the PowerShell prompt, run the following commands to install the service.
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat' PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1 Security warning Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run C:\Program Files\Winlogbeat\install-service-winlogbeat.ps1? [D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R Status Name DisplayName ------ ---- ----------- Stopped winlogbeat winlogbeat
If script execution is disabled on your system, you need to set the
execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1.
Before starting Winlogbeat, you should look at the configuration options in the
configuration file, for example C:\Program Files\Winlogbeat\winlogbeat.yml.
There’s also a full example configuration file called winlogbeat.reference.yml that
shows all non-deprecated options. For more information about these options, see
Configuring Winlogbeat.