下载 

https://www.elastic.co/downloads/beats/winlogbeat

PS C:\Users\Administrator> cd 'C:\Program Files\Winlogbeat' PS C:\Program Files\Winlogbeat> .\install-service-winlogbeat.ps1 编辑配置

winlogbeat.event_logs:  - name: Application - name: Security - name: System output.elasticsearch: hosts: - localhost:9200 logging.to_files: true logging.files: path: C:/ProgramData/winlogbeat/Logs logging.level: info

setup.template.enabled:

setup.template.name: "1.2"

setup.template.pattern: "1.2-*"

setup.kibana:  host: "localhost:5601"    //改一下有模板输出

output.elasticsearch:  hosts: ["myEShost:9200"，"myEShost2:9200"] index: "1.2-%{+yyyy.MM.dd}"

PS C:\Program Files\Winlogbeat> winlogbeat.exe -c winlogbeat.yml 在C盘下建立一个 .bat

cd C:\Program Files\Winlogbeat

winlogbeat.exe -c winlogbeat.yml

  建立一个 .vbs

createobject("wscript.shell").run "c:\winlog.bat",0

开机自启动

关闭：进程里关闭即可