Installation Guide for UTMStack Winlogbeat agent for Windows Server 2008

Created by Juan Manuel Libera Frómeta, Modified on Tue, 07 Feb 2023 at 07:43 AM by Juan Manuel Libera Frómeta

1. Download Winlogbeat at the following link

2. Unzip the file in C:\Program Files

3. Rename folder to Winlogbeat

4.Configure winlogbeat.yml file with probe data and certificates


- name: Application

   ignore_older: 72h

- name: System

- name: Security

- name: Microsoft-Windows-Sysmon/Operational

- name: Windows PowerShell

  event_id: 400, 403, 600, 800

- name: Microsoft-Windows-PowerShell/Operational

  event_id: 4103, 4104, 4105, 4106

- name: ForwardedEvents

  tags: [forwarded]

#==================== Elasticsearch template setting ====================


index.number_of_shards: 3

#----------------------------- Logstash output --------------------------------


hosts: ['IP al que se van enviar los logs:5044']

ssl.certificate_authorities: ['C:\Program Files\Winlogbeat\keys\ca.crt']

ssl.certificate: 'C:\Program Files\Winlogbeat\keys\client.crt'

ssl.key: 'C:\Program Files\Winlogbeat\keys\client.key'

ssl.verification_mode: none
#==========================Processors =====================================
- add_host_metadata:
  when.not.contains.tags: forwarded
- add_cloud_metadata: ~ 
**You must generate the certificates yourself and save them in the specified path:
C:\Program Files\Winlogbeat\Keys\
5.Run a PowerSehell console as administrator and run the following command

cd 'C:\Program Files\Winlogbeat'


**If script execution is disabled on your system, you must configure the execution policy of the current session to allow the script to be executed. 

For example PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-winlogbeat.ps1.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article