Winlogbeat deploy via GPO

minidan · March 16, 2018, 2:02pm

Yes, two step process, both ran under "Computer"

Preferences > WIndows Settings > Files and make a copy of the Winlogbeat source files to the local PC, also make subdirectories for the data and logs folders.
Policies > Windows Settings > Scripts > Startup and run the Powershell to install it. I'll paste the code that I used below.

delete service if it already exists

if (Get-Service winlogbeat -ErrorAction SilentlyContinue) {
$service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'"
$service.StopService()
Start-Sleep -s 1
$service.delete()
}

$workdir = Split-Path $MyInvocation.MyCommand.Path

create new service

New-Service -name winlogbeat -displayName winlogbeat
-binaryPathName ""C:\\Program Files\\winlogbeat\\winlogbeat.exe" -c "C:\\Program Files\\winlogbeat\\winlogbeat.yml" -path.home "C:\\Program Files\\winlogbeat\\" -path.data "C:\\ProgramData\\winlogbeat" -path.logs "C:\\ProgramData\\winlogbeat\logs""

start service

Start-Service winlogbeat

Topic		Replies	Views
Deploying Winlogbeat with Octopus Deploy Beats winlogbeat	1	267	February 2, 2023
Problems With Winlogbeat Beats winlogbeat	4	405	August 15, 2022
Winlogbeat install issue Beats winlogbeat	4	491	November 5, 2018
GPO to start Beats not working Beats filebeat , metricbeat , winlogbeat , heartbeat , auditbeat	6	800	October 13, 2020
Can winlogbeat works with powershell version 2? Beats winlogbeat	3	1034	August 5, 2016

delete service if it already exists