Winlogbeat 6.1.1 for Windows 설치 및 구축

1. Winlogbeat를 내려받습니다.

2. 내려받은 압축 파일을 해제합니다.

3. winlogbeat.yml 파일을 적절히 편집합니다.

4. powershell을 실행합니다.

5. winlogbeat 폴더가 위치한 곳으로 이동합니다.

PS C:\> cd C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64\
 

6. install-service-winlogbeat.ps1 파일을 실행합니다.

PS C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64> .\install-service-winlogbeat.ps1
 
Status   Name               DisplayName
------   ----               -----------
Stopped  winlogbeat         winlogbeat
 

7. winlogbeat 서비스를 테스트합니다.

 : Start-Service winlogbeat

PS C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64> .\winlogbeat.exe test config -c .\winlogbeat.y
ml -e
2018/03/16 06:55:58.025085 beat.go:436: INFO Home path: [C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64] Config path: [C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64] Data path: [C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64\data] Logs path: [C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64\logs]
2018/03/16 06:55:58.025085 metrics.go:23: INFO Metrics logging every 30s
2018/03/16 06:55:58.026092 beat.go:443: INFO Beat UUID: 5ef661c8-806f-465d-b3db-5f1d4def5309
2018/03/16 06:55:58.029186 beat.go:203: INFO Setup Beat: winlogbeat; Version: 6.1.1
2018/03/16 06:55:58.030192 client.go:123: INFO Elasticsearch url: http://localhost:9200
2018/03/16 06:55:58.030192 module.go:76: INFO Beat name: DESKTOP-AKG019N
2018/03/16 06:55:58.030192 winlogbeat.go:56: INFO State will be read from and persisted to C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64\data\.winlogbeat.yml
Config OK
 

8. winlogbeat 서비스를 실행합니다.

 : Start-Service winlogbeat

PS C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64> Start-Service winlogbeat
 

9. winlogbeat 서비스를 중지합니다.

 : Stop-Service winlogbeat

PS C:\winlogbeat-6.1.1-windows-x86_64\winlogbeat-6.1.1-windows-x86_64> Stop-Service winlogbeat