Install winlogbeat on windows server 2003 without powershell

tharu85 · October 3, 2017, 5:06am

I have a server with windows server 2003 installed and I need to forward that server windows event logs to logstash through winlogbeat.

But there is no powershell in windows server 2003. So how can I install winlogbeat service without powershell ?

andrewkroh · October 3, 2017, 1:21pm

The New-Service powershell cmdlet is used by the script to create the winlogbeat service. You could try to install Powershell 2.0 and see if the script works. Microsoft's website doesn't have much information on Powershell 2.0 so I don't know if New-Service is present in the version.

Another option might be to use sc.exe to create the winlogbeat service. See https://support.microsoft.com/en-us/help/251192/how-to-create-a-windows-service-by-using-sc-exe

Badger · October 3, 2017, 1:45pm

New-Service was added in 3.0. You can tell by going to https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-service and seeing what versions are listed in the dropdown at the top left.

andrewkroh · October 3, 2017, 2:02pm

I don't think the docs for 2.0 are available on that site. The drop down doesn't contain a 2.0 option even for cmdlets that were available in 2.0 such as Get-ChildItem.

tharu85 · October 4, 2017, 6:15am

I am able to install "install-service-winlogbeat.ps1" using Powershell v1.0 on windows server 2003.

But when I am going to start the winlogbeat service, it gives following error message. I try to fixed it but unfortunately no luck. Can any body give me a direction to fixed this issue.

Error code -> Error 216: 0xd8

andrewkroh · October 5, 2017, 3:25pm

Can you please test your config and also try to start Winlogbeat on the CLI (rather than as a service).

Test the config

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe -c .\winlogbeat.yml -e -configtest
Start Winlogbeat in the foreground.

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe -c .\winlogbeat.yml -e

tharu85 · October 6, 2017, 5:09am

Once I execute below command I received listed error message

PS E:\Graylog\winlogbeat-5.4.0-windows-x86_64> .\winlogbeat.exe -c .\winlogbeat.
yml -e -configtes

Received Below Error

PS E:\Graylog\winlogbeat-5.4.0-windows-x86_64> .\winlogbeat.exe -c .\winlogbeat.
yml -e -configtest
Program 'winlogbeat.exe' failed to execute: The image file %1 is valid, but is
for a machine type other than the current machine
At line:1 char:17
+ .\winlogbeat.exe  <<<< -c .\winlogbeat.yml -e -configtest.
At line:1 char:1
+ . <<<< \winlogbeat.exe -c .\winlogbeat.yml -e -configtest

andrewkroh · October 6, 2017, 1:53pm

Is this a 32-bit machine or OS version? If so you need to use the 32-bit version of Winlogbeat.

system · November 6, 2017, 8:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.