winlog

Download

https://www.elastic.co/downloads/beats/winlogbeat

PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1

Edit the configuration (winlogbeat.yml)
winlogbeat.event_logs:
  - name: Application
  - name: Security
  - name: System

# Only one output.elasticsearch block may appear; a duplicate key is a YAML error.
output.elasticsearch:
  # a single local node, or a list of nodes, e.g. ["myEShost:9200","myEShost2:9200"]
  hosts:
    - localhost:9200
  # custom index name; it must sit under output.elasticsearch and needs
  # setup.template.name / setup.template.pattern below to match it
  index: "1.2-%{+yyyy.MM.dd}"

logging.to_files: true
logging.files:
  path: C:/ProgramData/winlogbeat/Logs
logging.level: info

setup.template.enabled: true
setup.template.name: "1.2"
setup.template.pattern: "1.2-*"

setup.kibana:
  host: "localhost:5601"    # change this so the template and dashboards are loaded

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe -c winlogbeat.yml
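The two mistakes that most often stop Winlogbeat from indexing with a config like the one above are a duplicated top-level key (PyYAML silently keeps the last one) and a custom index name that does not match setup.template.pattern. The following checker is an added example, not part of the original post or of Winlogbeat; it assumes PyYAML is installed and that the config uses the dotted or nested key forms shown above.

```python
import fnmatch
import re
import yaml  # PyYAML, assumed installed (pip install pyyaml)


class StrictLoader(yaml.SafeLoader):
    """SafeLoader that rejects duplicate mapping keys instead of keeping the last one."""
    def construct_mapping(self, node, deep=False):
        seen = set()
        for key_node, _ in node.value:
            key = self.construct_object(key_node, deep=deep)
            if key in seen:
                raise ValueError(f"duplicate key {key!r} at line {key_node.start_mark.line + 1}")
            seen.add(key)
        return super().construct_mapping(node, deep=deep)


def flatten(cfg, prefix=""):
    """Turn nested and dotted keys alike into one flat 'a.b.c' -> value dict."""
    flat = {}
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def sample_index_name(index):
    """Replace %{+yyyy.MM.dd}-style format strings with a fixed date (constructed value)."""
    return re.sub(r"%\{[^}]*\}", "2024.01.01", index)


def check_config(cfg):
    """Return a list of findings; an empty list means the checks passed."""
    flat = flatten(cfg)
    findings = []
    logs = {entry.get("name") for entry in flat.get("winlogbeat.event_logs", [])}
    if "Security" not in logs:
        findings.append("Security log is not collected; logon and audit events will be missing")
    index = flat.get("output.elasticsearch.index")
    if index:
        if flat.get("setup.template.enabled") is not True:
            findings.append("a custom index requires setup.template.enabled: true")
        pattern = flat.get("setup.template.pattern", "")
        if not fnmatch.fnmatch(sample_index_name(index), pattern):
            findings.append(f"index {index!r} does not match setup.template.pattern {pattern!r}")
    return findings


def load_and_check(text):
    """Parse winlogbeat.yml text strictly, then run the checks."""
    return check_config(yaml.load(text, Loader=StrictLoader))
```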


Create a .bat file in the root of drive C: (e.g. c:\winlog.bat)

cd "C:\Program Files\Winlogbeat"
winlogbeat.exe -c winlogbeat.yml

Create a .vbs file (runs the batch file with a hidden window)

createobject("wscript.shell").run "c:\winlog.bat",0

Start automatically at boot

To stop it: just end the winlogbeat.exe process in Task Manager.

 
Original article: https://www.cnblogs.com/jjp816/p/9024301.html