Winlogbeat install error

I've followed the instructions via the winlogbeat guide and tried to take ownership of the .ps1 files, but the furthest I get is supposedly installing the service and setting the startup type to automatic; when I try to start the winlogbeat service I get a Windows Error 1053.

I've also tried via command prompt but same result.

Any suggestions on how to get this installed not only on my machine but on a mass scale?

There are a few pieces of information needed before we can help diagnose and resolve your issue.

What version of Windows are you installing Winlogbeat on? Are you trying to deploy across a domain? Are you running any type of endpoint agents, do you have any software restriction policies in place, etc?

Thanks.

Can you try running winlogbeat in the foreground (not as a service) from a console to see if it starts this way or gives an error?

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test config -c .\winlogbeat.yml -e

then

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe -c .\winlogbeat.yml -e

Workstation is Win10 Enterprise and there would be some Win7 installs mixed in there as well if we move forward with installing throughout Enterprise.

Currently just trying to get it working on a micro-scale (just within Security Group). Endpoint agents? Besides SCCM, VMware, McAfee, Our Ticketing System Agent, and a potential Tachyon POC we have no agents to speak of.

GPO policy determines local execution policies, so how to override this on a mass scale?

[Screenshot: exepolicy]

It looks like you may have pasted or typed more than you wanted into the PowerShell prompt. I see two sets of PS C:\Program Files\Winlogbeat> in your screenshot.

From the Winlogbeat dir run this in PowerShell:

.\winlogbeat.exe test config -c .\winlogbeat.yml -e


Appears to be an error with the logstash-forwarder.crt?

Use single quotes around your strings so that you don't have to escape the \ characters in paths.

Alternatively you can use / instead of \ in the Windows paths and they will get corrected automatically.
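The quoting advice in the last reply, as an added example that is not part of the original thread: a `winlogbeat.yml` fragment with the failing double-quoted form next to the two working forms. The Logstash host and the certificate directory are assumptions; only the file name `logstash-forwarder.crt` comes from the thread.

```yaml
# winlogbeat.yml (fragment). Added example: host name and certificate
# directory are assumed; only logstash-forwarder.crt is from the thread.
output.logstash:
  hosts: ["logstash.example.internal:5044"]   # constructed host name

  # Fails to load: inside double quotes YAML treats "\" as the start of an
  # escape sequence, and "\W" / "\l" are not valid escapes.
  # ssl.certificate_authorities: ["C:\Program Files\Winlogbeat\logstash-forwarder.crt"]

  # Works: single quotes keep every backslash literal.
  ssl.certificate_authorities: ['C:\Program Files\Winlogbeat\logstash-forwarder.crt']

  # Also works: forward slashes need no escaping in either quote style.
  # ssl.certificate_authorities: ["C:/Program Files/Winlogbeat/logstash-forwarder.crt"]

  # Also works, but easy to get wrong: double quotes with every "\" doubled.
  # ssl.certificate_authorities: ["C:\\Program Files\\Winlogbeat\\logstash-forwarder.crt"]
```

After changing the path, rerun `.\winlogbeat.exe test config -c .\winlogbeat.yml -e` from the Winlogbeat directory to confirm the file parses before starting the service.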
