How to install Winlogbeat on Windows

This guide will walk you through installing the Winlogbeat agent on Windows, for use with our SIEM service.

Written by Matthew Elliott
Updated over a week ago

Winlogbeat is an agent which collects Windows Event Logs and sends them to our SIEM platform for analysis. This software differs from the log collector we asked you to configure.

During your SIEM onboarding, our Platform Engineering team will send you a deployment pack containing all of the software you need for us to start collecting your logs. This pack will contain a folder called winlogbeat, which is what you'll need for this guide.

Installation

  1. If you haven't already done so, copy the Winlogbeat folder from the deployment pack to the Desktop on your Windows device.

  2. In PowerShell, navigate to the Winlogbeat folder and run the following command to start the installation:

    .\winlogbeat-install.ps1

    Note: if script execution is disabled on your system, run the command below to change the execution policy for the current PowerShell session and allow the script to run:

    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process

  3. Follow the onscreen prompt to enter your collector's IP address.

  4. Winlogbeat will be downloaded, installed and configured.

  5. The winlogbeat service will start.


    That's it! 🎉 Winlogbeat should start forwarding logs to your collector. Please contact us to verify that we're receiving your logs.
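
A local check you can run after step 5, as an added example that is not part of the deployment pack or the original guide. It assumes the service is registered under the name `winlogbeat`; the collector address `192.0.2.10` is a placeholder and port 5044 (the Beats default) is an assumption, since the guide does not state the port.

```powershell
# Added example: post-install check for the Winlogbeat agent.
# Assumptions (not from the guide): service name 'winlogbeat', collector port 5044.
function Test-WinlogbeatInstall {
    [CmdletBinding()]
    param(
        # The collector IP address you entered in step 3.
        [Parameter(Mandatory)][string]$CollectorAddress,
        # Assumed port; confirm the real value for your deployment.
        [int]$CollectorPort = 5044,
        [string]$ServiceName = 'winlogbeat'
    )

    # Returns $null instead of throwing when the service is not registered.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # TCP reachability only: shows that routing and firewalls allow the
    # connection, not that the collector has accepted any events.
    $tcp = Test-NetConnection -ComputerName $CollectorAddress -Port $CollectorPort `
        -WarningAction SilentlyContinue

    [pscustomobject]@{
        ServiceInstalled   = [bool]$svc
        ServiceStatus      = if ($svc) { "$($svc.Status)" } else { 'NotFound' }
        # Reported so you can confirm the agent will come back after a reboot.
        StartType          = if ($svc) { "$($svc.StartType)" } else { 'n/a' }
        CollectorReachable = $tcp.TcpTestSucceeded
        Healthy            = [bool]($svc -and $svc.Status -eq 'Running' -and
                                    $tcp.TcpTestSucceeded)
    }
}

# 192.0.2.10 is a documentation placeholder, not a real collector address.
Test-WinlogbeatInstall -CollectorAddress '192.0.2.10'
```

A `Healthy` value of `True` only confirms the local side; receipt of logs still has to be confirmed on the SIEM side.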
