Prerequisites
If script execution is disabled on your system, set the execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File
.\install-service-winlogbeat.ps1
Install Winlogbeat on the WEC server
- Download the Winlogbeat zip file from the Elastic downloads page.
- Extract the zip file into the standard software installation directory – typically
C:\Program Files
. - Rename the
winlogbeat-<version>-<OS>
directory that you just extracted to Winlogbeat. - Right-click on the PowerShell icon and click on Run As Administrator.
- From the PowerShell prompt, enter these commands to install the service:
cd '<software installation directory>\Winlogbeat'
.\install-service-winlogbeat.ps1
The output should look like this:
PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat'
PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1
Security warning
Run only scripts that you trust. While scripts from the internet can be useful,this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message.
Do you want to run C:\Program Files\Winlogbeat\install-service-winlogbeat.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
Status Name DisplayName
------ ---- -----------
Stopped winlogbeat winlogbeat