- This topic has 0 replies, 1 voice, and was last updated 5 years, 9 months ago by
.
Viewing 1 post (of 1 total)
- Posts
- Download Winlogbeats (OSS Version) from https://www.elastic.co/downloads/beats/winlogbeat-oss
- Extract the file from step 1 onto the Windows machine that will be sending logs to WitFoo.
- The directory can be placed anywhere on the filesystem.
- Edit the winlogbeat.yml within the extracted folder, as follows:
- Remove all content in the current file
- Copy and paste the example show below into the empty file
- Replace WITFOOIP with the IP address of the WitFoo Precinct All-in-One Appliance or Streamer node
- Save the file
- Execute the install-service-winlogbeat.ps1 file in the directory.
- Execute winlogbeat.exe in the file directory to start the service.
- Open the Services admin plugin in Windows and enable the Winbeats service and set it to start on boot.
winlogbeat.yml content:
winlogbeat.event_logs: - name: Application ignore_older: 72h - name: Security - name: System event_logs.batch_read_size: 10 output.logstash: hosts: [WITFOOIP:5044] ssl.enabled: true ssl.verification_mode: none
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.