Winlogbeat deploy via GPO

Has anybody deployed winlogbeat through GPO? I have a general plan I have worked out to try to get this to work however I want to see if I am missing anything or not thinking about this correctly.

No experience with GPO here, but please share your findings.

Will do, trying to work it out now.

Yes, two step process, both ran under "Computer"

  1. Preferences > WIndows Settings > Files and make a copy of the Winlogbeat source files to the local PC, also make subdirectories for the data and logs folders.

  2. Policies > Windows Settings > Scripts > Startup and run the Powershell to install it. I'll paste the code that I used below.

    delete service if it already exists

    if (Get-Service winlogbeat -ErrorAction SilentlyContinue) {
    $service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'"
    $service.StopService()
    Start-Sleep -s 1
    $service.delete()
    }

    $workdir = Split-Path $MyInvocation.MyCommand.Path

    create new service

    New-Service -name winlogbeat -displayName winlogbeat
    -binaryPathName ""C:\\Program Files\\winlogbeat\\winlogbeat.exe" -c "C:\\Program Files\\winlogbeat\\winlogbeat.yml" -path.home "C:\\Program Files\\winlogbeat\\" -path.data "C:\\ProgramData\\winlogbeat" -path.logs "C:\\ProgramData\\winlogbeat\logs""

    start service

    Start-Service winlogbeat

1 Like

That is great, thank you for this. I am going to give this a shot.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.