Has anybody deployed winlogbeat through GPO? I have a general plan I have worked out to try to get this to work however I want to see if I am missing anything or not thinking about this correctly.
1 Like
No experience with GPO here, but please share your findings.
Will do, trying to work it out now.
Yes, two step process, both ran under "Computer"
-
Preferences > WIndows Settings > Files and make a copy of the Winlogbeat source files to the local PC, also make subdirectories for the data and logs folders.
-
Policies > Windows Settings > Scripts > Startup and run the Powershell to install it. I'll paste the code that I used below.
delete service if it already exists
if (Get-Service winlogbeat -ErrorAction SilentlyContinue) {
$service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'"
$service.StopService()
Start-Sleep -s 1
$service.delete()
}$workdir = Split-Path $MyInvocation.MyCommand.Path
create new service
New-Service -name winlogbeat
-displayName winlogbeat
-binaryPathName ""C:\\Program Files\\winlogbeat\\winlogbeat.exe" -c"C:\\Program Files\\winlogbeat\\winlogbeat.yml" -path.home"C:\\Program Files\\winlogbeat\\" -path.data"C:\\ProgramData\\winlogbeat" -path.logs"C:\\ProgramData\\winlogbeat\logs""start service
Start-Service winlogbeat
3 Likes
That is great, thank you for this. I am going to give this a shot.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.