Skip to content

Commit

Permalink
Add a command to allow the execution of the winlogbeat.exe file (#38)
Browse files Browse the repository at this point in the history 
Co-authored-by: Clint Baxley <[email protected]>
  • Loading branch information
@cbaxley @mitchelbaker-cisa
2 people authored and mitchelbaker-cisa committed Nov 17, 2023
1 parent 7786ce5 commit d7b69f3
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions docs/markdown/chapter3/chapter3.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,7 @@ Figure 3: Winlogbeat Install Location
Then, move the 'winlogbeat.yml' file located at ```C:\Program Files\lme\winlogbeat.yml``` into the winlogbeat folder ```C:\Program Files\lme\winlogbeat-8.[x].[y]-windows-x86_64```, overwriting the existing file when prompted to do so.

Now, open PowerShell as an administrator and run the following command from the winlogbeat directory, allowing the script to run if prompted to do so: ```./install-service-winlogbeat.ps1```
If you receive a permissions error you can run ```Set-ExecutionPolicy Unrestricted -Scope Process``` to be able to run the installer.

![Winlogbeat Install Script](/docs/imgs/winlogbeat-install.png)
<p align="center">
Expand Down

0 comments on commit d7b69f3

Please sign in to comment.