Start Winlogbeat
editStart Winlogbeat
editBefore starting Winlogbeat:
- Follow the steps in Quick start: installation and configuration to install, configure, and set up the Winlogbeat environment.
- Make sure Kibana and Elasticsearch are running.
-
Make sure the user specified in
winlogbeat.yml
is authorized to publish events.
To start Winlogbeat, run:
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
Winlogbeat should now be running. If you used the logging configuration
described here, you can view the log file at
C:\ProgramData\winlogbeat\Logs\winlogbeat
.
You can view the status of the service and control it from the Services management console in Windows. To launch the management console, run this command:
PS C:\Program Files\Winlogbeat> services.msc