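1. Install winlogbeat
- Download the winlogbeat archive from here
- Extract it to C:\Program Files
- Rename the folder to winlogbeat
- Open Windows PowerShell as administrator
- Run the following commands to install the service
- --- The following step was not tested successfully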
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1
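If script execution is disabled on the system, you need to set the execution policy for the current session so that the script is allowed to run:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1
Alternatively, you can use the following commands to turn off some of the security protections; press Y to confirm after entering each command. Unlike the command above, Set-ExecutionPolicy without a -Scope argument changes the LocalMachine policy, so the relaxed setting persists after the session ends.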
PS C:\Program Files\Winlogbeat> set-executionpolicy remotesigned
PS C:\Program Files\Winlogbeat> set-executionpolicy Bypass
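2. Configuration
This article tests using winlogbeat to collect logs and send them to elasticsearch.
Edit the configuration file: winlogbeat.yml
Fill in the address of the ES instance to output to
output.elasticsearch:
  hosts:
    - localhost:9200
Use the following command to check that the configuration file is valid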
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
3. Start winlogbeat
Use the following command to start the winlogbeat service. If your ES requires authentication, refer to here for the configuration
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
4. View the logs
Open Kibana, or the ES head plugin, and you can see that the logs are indexed into ES under the default index name, winlogbeat- plus the date
winlogbeat-6.2.4-2018.04.04 | 341ki/681ki | 320
winlogbeat-6.2.4-2018.04.05 | 206ki/412ki | 185
winlogbeat-6.2.4-2018.04.06 | 188ki/383ki | 177
winlogbeat-6.2.4-2018.04.07 | 184ki/368ki | 181
winlogbeat-6.2.4-2018.04.08 | 455ki/910ki | 554
winlogbeat-6.2.4-2018.04.09 | 462ki/924ki | 515
winlogbeat-6.2.4-2018.04.10 | 321ki/643ki | 406
winlogbeat-6.2.4-2018.04.11 | 400ki/801ki | 407
winlogbeat-6.2.4-2018.04.12 | 559ki/1.09Mi | 751
winlogbeat-6.2.4-2018.04.13 | 417ki/852ki | 448
winlogbeat-6.2.4-2018.04.14 | 347ki/722ki | 314
winlogbeat-6.2.4-2018.04.15 | 322ki/644ki | 336
winlogbeat-6.2.4-2018.04.16 | 386ki/772ki | 409
winlogbeat-6.2.4-2018.04.17 | 510ki/1.00Mi | 559
winlogbeat-6.2.4-2018.04.18 | 287ki/625ki | 299
winlogbeat-6.2.4-2018.04.19 | 285ki/570ki | 296
winlogbeat-6.2.4-2018.04.20 | 506ki/1.06Mi | 519
winlogbeat-6.2.4-2018.04.21 | 255ki/510ki | 176
winlogbeat-6.2.4-2018.04.22 | 284ki/564ki | 220
winlogbeat-6.2.4-2018.04.23 | 886ki/1.73Mi | 1.17k
winlogbeat-6.2.4-2018.04.24 | 366ki/732ki | 353
winlogbeat-6.2.4-2018.04.25 | 249ki/498ki | 216
winlogbeat-6.2.4-2018.04.26 | 337ki/673ki | 334
winlogbeat-6.2.4-2018.04.27 | 186ki/428ki | 116
winlogbeat-6.2.4-2018.04.28 | 347ki/728ki | 243
winlogbeat-6.2.4-2018.04.29 | 99.3ki/199ki | 37
winlogbeat-6.2.4-2018.04.30 | 318ki/627ki | 222
winlogbeat-6.2.4-2018.05.01 | 95.3ki/191ki | 29
winlogbeat-6.2.4-2018.05.02 | 570ki/1.15Mi | 605
winlogbeat-6.2.4-2018.05.03 | 284ki/566ki | 246
winlogbeat-6.2.4-2018.05.04 | 365ki/730ki | 338
winlogbeat-6.2.4-2018.05.05 | 63.8ki/128ki | 33
winlogbeat-6.2.4-2018.05.06 | 69.9ki/140ki | 41
winlogbeat-6.2.4-2018.05.07 | 479ki/958ki | 475
winlogbeat-6.2.4-2018.05.08 | 300ki/600ki | 274
winlogbeat-6.2.4-2018.05.09 | 206ki/412ki | 161
winlogbeat-6.2.4-2018.05.10 | 192ki/385ki | 210
winlogbeat-6.2.4-2018.05.11 | 205ki/411ki | 198
winlogbeat-6.2.4-2018.05.12 | 416ki/828ki | 358
winlogbeat-6.2.4-2018.05.13 | 97.4ki/206ki | 37
winlogbeat-6.2.4-2018.05.14 | 295ki/590ki | 268
winlogbeat-6.2.4-2018.05.15 | 116ki/221ki | 31
winlogbeat-6.2.4-2018.05.16 | 497ki/998ki | 454
winlogbeat-6.2.4-2018.05.17 | 595ki/1.23Mi | 580
winlogbeat-6.2.4-2018.05.18 | 392ki/783ki | 392
winlogbeat-6.2.4-2018.05.19 | 183ki/366ki | 102
winlogbeat-6.2.4-2018.05.20 | 134ki/269ki | 49
winlogbeat-6.2.4-2018.05.21 | 486ki/998ki | 530
winlogbeat-6.2.4-2018.05.22 | 232ki/463ki | 247
winlogbeat-6.2.4-2018.05.23 | 243ki/507ki | 260
winlogbeat-6.2.4-2018.05.24 | 474ki/980ki | 532
winlogbeat-6.2.4-2018.05.25 | 241ki/482ki | 240
winlogbeat-6.2.4-2018.05.26 | 150ki/301ki | 75
winlogbeat-6.2.4-2018.05.27 | 291ki/582ki | 391
winlogbeat-6.2.4-2018.05.28 | 1.43Mi/2.86Mi | 6.84k
winlogbeat-6.2.4-2018.05.29 | 1.13Mi/2.28Mi | 3.72k
winlogbeat-6.2.4-2018.05.30 | 231ki/462ki | 204
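
Steps 1 to 4 as one script, added here as an example (not from the original post): it lets the install script run under a process-scoped execution policy instead of changing the machine-wide one, then checks that the persistent policies were left untouched. The 30-second wait and the column selection in the _cat/indices query are assumptions; the path and ES address are the ones used on this page.

```powershell
# Added example: install, validate and start Winlogbeat without changing the
# persistent execution policy. Run from an elevated PowerShell console.
$BeatHome = 'C:\Program Files\Winlogbeat'   # install path used on this page
$EsUrl    = 'http://localhost:9200'         # output host used on this page

# Record the persistent policies so we can prove they were not altered.
$scopes = 'LocalMachine', 'CurrentUser'
$before = Get-ExecutionPolicy -List | Where-Object { $scopes -contains $_.Scope }

# Process scope applies to this session only and ends when the session closes.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force -ErrorAction Stop

Set-Location $BeatHome
.\install-service-winlogbeat.ps1

# Validate the configuration before starting the service.
& .\winlogbeat.exe test config -c .\winlogbeat.yml -e
if ($LASTEXITCODE -ne 0) {
    throw "winlogbeat.yml failed validation (exit code $LASTEXITCODE)"
}

Start-Service winlogbeat -ErrorAction Stop
$svc = Get-Service winlogbeat
if ($svc.Status -ne 'Running') {
    throw "winlogbeat service is $($svc.Status), expected Running"
}

# The persistent policies must be identical to what they were before.
$after = Get-ExecutionPolicy -List | Where-Object { $scopes -contains $_.Scope }
if (Compare-Object $before $after -Property Scope, ExecutionPolicy) {
    throw 'A persistent execution policy changed during the install'
}

# Give the beat time to ship its first events (assumed 30 s), then list
# the daily winlogbeat-* indices with their document counts and sizes.
Start-Sleep -Seconds 30
Invoke-RestMethod -Uri "$EsUrl/_cat/indices/winlogbeat-*?v&h=index,docs.count,store.size"
```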