Winlogbeat deploy via GPO

Has anybody deployed winlogbeat through GPO? I have a general plan I have worked out to try to get this to work; however, I want to see if I am missing anything or not thinking about this correctly.

1 Like

No experience with GPO here, but please share your findings.

Will do, trying to work it out now.

Yes, two-step process, both ran under "Computer"

  1. Preferences > Windows Settings > Files and make a copy of the Winlogbeat source files to the local PC, also make subdirectories for the data and logs folders.

  2. Policies > Windows Settings > Scripts > Startup and run the PowerShell to install it. I'll paste the code that I used below.

    # delete service if it already exists
    if (Get-Service winlogbeat -ErrorAction SilentlyContinue) {
        $service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'"
        $service.StopService()
        Start-Sleep -s 1
        $service.delete()
    }

    $workdir = Split-Path $MyInvocation.MyCommand.Path

    # create new service; the escaped inner quotes (`") keep each path that contains
    # a space as a single quoted argument in the service command line
    New-Service -name winlogbeat -displayName winlogbeat `
      -binaryPathName "`"C:\Program Files\winlogbeat\winlogbeat.exe`" -c `"C:\Program Files\winlogbeat\winlogbeat.yml`" -path.home `"C:\Program Files\winlogbeat`" -path.data `"C:\ProgramData\winlogbeat`" -path.logs `"C:\ProgramData\winlogbeat\logs`""

    # start service
    Start-Service winlogbeat

3 Likes
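
A post-install check for the service created by the startup script above, as an added example that is not part of the original posts: it confirms the service exists, that its executable path is quoted, and that the install folder copied by the GPO is not writable by non-administrative accounts. The function name `Test-WinlogbeatService` and the trusted-principal list are assumptions; the service name and paths are the ones from the post.

```powershell
# Added example: hypothetical helper, not from the original post.
function Test-WinlogbeatService {
    param(
        [string]$Name    = 'winlogbeat',
        [string]$HomeDir = 'C:\Program Files\winlogbeat'   # install path used in the post
    )
    $findings = @()

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return "service '$Name' is not installed" }

    # The executable sits under "Program Files", so the command line must begin
    # with a quoted path; an unquoted path with spaces is ambiguous to Windows.
    if ($svc.PathName -notmatch '^"[^"]+\.exe"') {
        $findings += "service path is not quoted: $($svc.PathName)"
    }
    if ($svc.State -ne 'Running')  { $findings += "service state is $($svc.State)" }
    if ($svc.StartMode -ne 'Auto') { $findings += "start mode is $($svc.StartMode)" }

    if (-not (Test-Path -LiteralPath $HomeDir)) {
        $findings += "install folder $HomeDir is missing"
        return $findings
    }

    # Assumption: principals allowed to modify the folder, named as on
    # English-language Windows. Anyone else with write access could replace
    # the binary or config that the service loads.
    $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
               'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
    # Specific write-type rights only; generic-rights ACEs are not decoded here.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

    foreach ($ace in (Get-Acl -LiteralPath $HomeDir).Access) {
        $writable = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $writable -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            $findings += "$($ace.IdentityReference) can modify $HomeDir"
        }
    }
    $findings
}

# Empty result means every check passed.
$result = @(Test-WinlogbeatService)
if ($result.Count -eq 0) { 'winlogbeat service: OK' } else { $result }
```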

That is great, thank you for this. I am going to give this a shot.
