If script execution is disabled on your system, set the execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File
Install Winlogbeat on the WEC server
- Download the Winlogbeat zip file from the Elastic downloads page.
- Extract the zip file into the standard software installation directory – typically
- Rename the
winlogbeat-<version>-<OS>directory that you just extracted to Winlogbeat.
- Right-click on the PowerShell icon and click on Run As Administrator.
- From the PowerShell prompt, enter these commands to install the service:
cd '<software installation directory>\Winlogbeat'
The output should look like this:
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1
Run only scripts that you trust. While scripts from the internet can be useful,this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message.
Do you want to run C:\Program Files\Winlogbeat\install-service-winlogbeat.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
Status Name DisplayName
------ ---- -----------
Stopped winlogbeat winlogbeat