Winlogbeats

[Mike Riforgiate]

1. Download Winlogbeats (OSS Version) from https://www.elastic.co/downloads/beats/winlogbeat-oss
2. Extract the file from step 1 onto the Windows machine that will be sending logs to WitFoo.
   1. The directory can be placed anywhere on the filesystem.
3. Edit the winlogbeat.yml within the extracted folder, as follows:
   1. Remove all content in the current file
   2. Copy and paste the example show below into the empty file
   3. Replace WITFOOIP with the IP address of the WitFoo Precinct All-in-One Appliance or Streamer node
   4. Save the file
4. Execute the install-service-winlogbeat.ps1 file in the directory.
5. Execute winlogbeat.exe in the file directory to start the service.
6. Open the Services admin plugin in Windows and enable the Winbeats service and set it to start on boot.

 

winlogbeat.yml content:

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System
output.logstash:
  hosts: [WITFOOIP:5044]
  ssl.enabled: true
  ssl.verification_mode: none

• This topic was modified 1 year ago by Mike Riforgiate.
• This topic was modified 1 year ago by Mike Riforgiate.
• This topic was modified 1 year ago by Mike Riforgiate.
• This topic was modified 1 year ago by Mike Riforgiate.
• This topic was modified 1 year ago by Mike Riforgiate.
• This topic was modified 1 year ago by Mike Riforgiate.
• This topic was modified 1 year ago by Mike Riforgiate.

[Author]

Posts