下载

https://www.elastic.co/downloads/beats/winlogbeat

PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'

PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1

编辑配置

winlogbeat.event_logs:

  - name: Application

  - name: Security

  - name: System

output.elasticsearch:

  hosts:

    - localhost:9200

logging.to_files: true

logging.files:

  path: C:/ProgramData/winlogbeat/Logs

logging.level: info

setup.template.enabled:
setup.template.name: "1.2"
setup.template.pattern: "1.2-*"

setup.kibana:

  host: "localhost:5601"    //改一下有模板输出

output.elasticsearch:

  hosts: ["myEShost:9200"，"myEShost2:9200"]
  index: "1.2-%{+yyyy.MM.dd}"

PS C:\Program Files\Winlogbeat> winlogbeat.exe -c winlogbeat.yml

在C盘下建立一个 .bat 

cd C:\Program Files\Winlogbeat
winlogbeat.exe -c winlogbeat.yml

建立一个 .vbs

createobject("wscript.shell").run "c:\winlog.bat",0

开机自启动

关闭：进程里关闭即可