gaugendre/youtubebeat
1
0
Fork 0
Code Issues Pull requests Releases Activity
youtubebeat/vendor/github.com/elastic/beats/winlogbeat/docs/getting-started.asciidoc

175 lines
6.4 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[winlogbeat-getting-started]]
== Getting Started With Winlogbeat
include::../../libbeat/docs/shared-getting-started-intro.asciidoc[]
* <<winlogbeat-installation>>
* <<winlogbeat-configuration>>
* <<config-winlogbeat-logstash>>
* <<winlogbeat-template>>
* <<load-kibana-dashboards>>
* <<winlogbeat-starting>>
* <<view-kibana-dashboards>>
[[winlogbeat-installation]]
=== Step 1: Install Winlogbeat
*Before you begin*: If you haven't installed the {stack}, do that now. See
{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}].
. Download the Winlogbeat zip file from the
https://www.elastic.co/downloads/beats/winlogbeat[downloads page].
. Extract the contents into `C:\Program Files`.
. Rename the `winlogbeat-<version>` directory to `Winlogbeat`.
. Open a PowerShell prompt as an Administrator (right-click on the PowerShell
icon and select Run As Administrator).
. From the PowerShell prompt, run the following commands to install the service.
["source","sh",subs="attributes,callouts"]
------------------------------------------------
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1
Security warning
Run only scripts that you trust. While scripts from the internet can be useful,
this script can potentially harm your computer. If you trust this script, use
the Unblock-File cmdlet to allow the script to run without this warning message.
Do you want to run C:\Program Files\Winlogbeat\install-service-winlogbeat.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
Status Name DisplayName
------ ---- -----------
Stopped winlogbeat winlogbeat
------------------------------------------------
NOTE: If script execution is disabled on your system, you need to set the
execution policy for the current session to allow the script to run. For example:
`PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1`.
Before starting Winlogbeat, you should look at the configuration options in the
configuration file, for example `C:\Program Files\Winlogbeat\winlogbeat.yml`.
Theres also a full example configuration file called `winlogbeat.reference.yml` that
shows all non-deprecated options. For more information about these options, see
<<configuring-howto-winlogbeat>>.
[[winlogbeat-configuration]]
=== Step 2: Configure Winlogbeat
To configure Winlogbeat, you edit the `winlogbeat.yml` configuration file. See the
{libbeat}/config-file-format.html[Config File Format] section of the
_Beats Platform Reference_ for more about the structure of the config file.
Here is a sample of the `winlogbeat.yml` file:
[source,yaml]
--------------------------------------------------------------------------------
winlogbeat.event_logs:
- name: Application
- name: Security
- name: System
output.elasticsearch:
hosts:
- localhost:9200
logging.to_files: true
logging.files:
path: C:/ProgramData/winlogbeat/Logs
logging.level: info
--------------------------------------------------------------------------------
To configure Winlogbeat:
. In the `event_logs` section, specify the event logs that you want to monitor.
By default, Winlogbeat is set to monitor application, security, and system logs:
+
[source,yaml]
----------------------------------------------------------------------
winlogbeat.event_logs:
- name: Application
- name: Security
- name: System
----------------------------------------------------------------------
+
To obtain a list of available event logs, run `Get-EventLog *` in PowerShell.
For more information about this command, see the configuration details for
<<configuration-winlogbeat-options-event_logs-name,event_logs.name>>.
include::../../libbeat/docs/step-configure-output.asciidoc[]
include::../../libbeat/docs/step-configure-kibana-endpoint.asciidoc[]
include::../../libbeat/docs/step-configure-credentials.asciidoc[]
. After you save your configuration file, test it with the following command.
+
[source,shell]
----------------------------------------------------------------------
PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e
----------------------------------------------------------------------
[[config-winlogbeat-logstash]]
=== Step 3: Configure Winlogbeat to use Logstash
:win:
include::../../libbeat/docs/shared-logstash-config.asciidoc[]
[[winlogbeat-template]]
=== Step 4: Load the index template in Elasticsearch
include::../../libbeat/docs/shared-template-load.asciidoc[]
[[load-kibana-dashboards]]
=== Step 5: Set up the Kibana dashboards
:win:
include::../../libbeat/docs/dashboards.asciidoc[]
[[winlogbeat-starting]]
=== Step 6: Start Winlogbeat
Start the Winlogbeat service with the following command. If you are accessing a
secured Elasticsearch cluster, make sure you've configured credentials as
described in <<{beatname_lc}-configuration>>.
[source,shell]
----------------------------------------------------------------------
PS C:\Program Files\Winlogbeat> Start-Service winlogbeat
----------------------------------------------------------------------
Winlogbeat should now be running. If you used the configuration described here,
then you can view the log file at `C:\ProgramData\winlogbeat\Logs\winlogbeat`.
You can view the status of the service and control it from the Services
management console in Windows. To launch the management console, run
this command:
[source,shell]
----------------------------------------------------------------------
PS C:\Program Files\Winlogbeat> services.msc
----------------------------------------------------------------------
==== Stop Winlogbeat
Stop the Winlogbeat service with the following command:
[source,shell]
----------------------------------------------------------------------
PS C:\Program Files\Winlogbeat> Stop-Service winlogbeat
----------------------------------------------------------------------
[[view-kibana-dashboards]]
=== Step 7: View the sample Kibana dashboards
To make it easier for you to start monitoring your servers in Kibana, we have
created example {beatname_uc} dashboards. You loaded the dashboards earlier
when you ran the `setup` command.
include::../../libbeat/docs/opendashboards.asciidoc[]
The dashboards are provided as examples. We recommend that you
{kibana-ref}/dashboard.html[customize] them to meet your needs.
[role="screenshot"]
image:./images/winlogbeat-dashboard.png[Winlogbeat statistics]
Reference in a new issue View git blame Copy permalink