This PowerShell script allows you to deploy Winlogbeat on one or multiple Windows hosts, automatically applying your Logz.io settings.

• Windows (64-bit)
• PowerShell 5.1
• Ensure the appropriate Execution Policy is set on the machine (https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-5.1)

• Default values are supplied in the script; to change any that are specific to your environment, edit InstallLogzioWinlogbeat.ps1 and update the values under the section that reads #DEFAULT VALUES; REPLACE ONLY IF NEEDED
• The current release of this script installs Winlogbeat v7.2.0
• The current release of this script only works on Windows instances that have no previous installation of Winlogbeat
• The current release of this script supports Application, System, and Security events
• To deploy across multiple Windows machines, a third-party orchestration tool (e.g.: Ansible, Chef, Puppet, etc.) will be necessary.

• Download InstallLogzioWinlogbeat.ps1

• Open a PowerShell session via Run as administrator

• Execute InstallLogzioWinlogbeat.ps1 and provide your Logz.io token and listener address. Example:

  .\InstallLogzioWinlogbeat.ps1 -token QieuWHajIABErtkatjavfdjNhu -listener listener.logz.io:5015

• The script will download Winlogbeat, the Logz.io certificate, apply the necessary configuration to your winlogbeat.yml, install it as a service, and start it. Pending a successful completion, you should see logs surfacing within seconds.