{"id":41024,"date":"2023-02-07T03:59:36","date_gmt":"2023-08-18T04:13:48","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/"},"modified":"2024-04-29T13:27:43","modified_gmt":"2024-04-29T05:27:43","slug":"%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/","title":{"rendered":"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5"},"content":{"rendered":"

\u9996\u5148<\/h1>\n

\u6211\u5df2\u7ecf\u5c1d\u8bd5\u4e86\u7531Elastic\u63d0\u4f9b\u7684winlogbeat(ver.1.2.3)\u3002<\/p>\n

\u672c\u7bc7\u6587\u7ae0\u4e3b\u8981\u5185\u5bb9\u5305\u62ec\uff1a
\n– \u4f7f\u7528Ansible playbook\u81ea\u52a8\u5b89\u88c5winlogbeat
\n– \u4f7f\u7528docker-compose\u6784\u5efaElasticsearch\u548cKibana\u73af\u5883<\/p>\n

\u7136\u800c\uff0c\u7531\u4e8e\u5c1a\u672a\u8fdb\u884c\u5145\u5206\u7684\u9a8c\u8bc1\uff0c\u56e0\u6b64\u8bf7\u5c06\u5176\u9650\u5b9a\u5728\u9a8c\u8bc1\u73af\u5883\u4e0b\u8fdb\u884c\u6f14\u793a\u548c\u793a\u8303\u4f7f\u7528\u3002<\/p>\n

1.1.winlogbeat\u662f\u4ec0\u4e48<\/h2>\n

Winlogbeat\u662f\u7528\u4e8e\u6536\u96c6Windows\u4e8b\u4ef6\u65e5\u5fd7\u5e76\u5c06\u5176\u53d1\u9001\u5230Elasticsearch\u7684\u5de5\u5177\u3002
\n\u5b83\u626e\u6f14\u4e86ELK\u5806\u6808\u4e2dlogstath\u7684\u89d2\u8272\u3002
\n\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0cbeats\u548clogstath\u53ef\u4ee5\u534f\u540c\u5de5\u4f5c\uff0c\u4f46\u8fd9\u6b21\u6ca1\u6709\u4f7f\u7528logstash\u3002<\/p>\n

\u6211\u6839\u636eelastic\u516c\u53f8\u5b98\u65b9\u7f51\u7ad9\u7684\u6587\u6863\uff0c\u5728Ansible\u4e0a\u521b\u5efa\u4e86\u4e00\u4e2aplaybook\uff0c\u7528\u4e8e\u5b89\u88c5winlogbeat(ver.1.2.3)\u5230Windows\u670d\u52a1\u5668\u3002<\/p>\n

1. \u5173\u4e8eElasticsearch\u548cKibana<\/h2>\n

\u6839\u636e\u8fd9\u7bc7\u6587\u7ae0\u7684\u53c2\u8003\uff0c\u6211\u53e6\u5916\u521b\u5efa\u4e86\u4e00\u4e2a\u4e0d\u5305\u62ecFluentd\u90e8\u5206\u7684\u7248\u672c\uff0c\u5e76\u5728Docker\u4e0a\u4f7f\u7528docker-compose\u6765\u642d\u5efa\u3002<\/p>\n

2. \u73af\u5883<\/h2>\n

Windows Server<\/p>\n

WindowsServer2012 R2
\nwinlogbeat ver. 1.2.3<\/p>\n

Elasticsearch \/ Kibana Server<\/p>\n

CentOS7.2
\nDocker ver. 1.12.0
\nDocker-compose ver. 1.8.0
\nElasticsearch ver. 2.3.4
\nKibana Ver. 4.5.3<\/p>\n

Ansible server<\/p>\n

CentOS6.7
\nAnsible ver. 2.2.0 (devel 3c65c03a67)<\/p>\n

3. \u4e0b\u8f7d\u5b89\u88c5<\/h2>\n

3.1. Elasticsearch \u548c Kibana \u7684\u73af\u5883\u5efa\u8bbe<\/h3>\n

\u5982\u679c\u60a8\u5df2\u7ecf\u6709Elasticsearch\u548cKibana\u73af\u5883\uff0c\u8bf7\u5ffd\u7565\u672c\u90e8\u5206\u3002
\n\u5728\u5b89\u88c5winlogbeat\u4e4b\u524d\uff0c\u8bf7\u5148\u5efa\u7acb\u6240\u9700\u7684Elasticsearch\u548cKibana\u73af\u5883\u3002
\n\u672c\u6b21\u6211\u4eec\u5c06\u4f7f\u7528Docker-compose\u5728Docker\u4e0a\u8fdb\u884c\u642d\u5efa\u3002<\/p>\n

3.1.1. \u4e0b\u8f7d\u8d44\u6599(\u4f8b\u5982Docker-compose.yml)\u3002<\/h4>\n

\u5728\u53ef\u4ee5\u4f7f\u7528Docker-compose\u7684\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u76ee\u5f55\u4e2d\u6267\u884c\u4ee5\u4e0b\u5185\u5bb9\u3002<\/p>\n

git clone https:\/\/github.com\/tbuchi888\/elasticsearch-kibana-docker-compose.git\r\ncd elasticsearch-kibana-docker-compose\r\n<\/code><\/pre>\n
\u5982\u679c\u65e0\u6cd5\u4f7f\u7528git\uff0c\u53ef\u4ee5\u4ece\u4ee5\u4e0b\u7684github\u94fe\u63a5\u4e2d\u4e0b\u8f7dzip\u6587\u4ef6\u7b49\u6765\u4f7f\u7528:
\nhttps:\/\/github.com\/tbuchi888\/elasticsearch-kibana-docker-compose<\/p>\n
\u8bf7\u4f7f\u7528\u4ee5\u4e0b\u7684\u6e90\u4ee3\u7801\u6587\u4ef6\u3002<\/p>\n
\u6587\u4ef6\u7ed3\u6784<\/p>\n
docker-compose.yml\r\nelasticsearch\/\r\n  - Dockerfile\r\n<\/code><\/pre>\n
docker-compose.yml \u53ef\u4ee5\u88ab\u7528\u4f5c Docker \u6574\u5408\u7684\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n
elasticsearch<\/span>:<\/span>\r\n  build<\/span>:<\/span> elasticsearch<\/span>\r\n  ports<\/span>:<\/span>\r\n    -<\/span> 9200:9200<\/span>\r\nkibana<\/span>:<\/span>\r\n  image<\/span>:<\/span> kibana<\/span>\r\n  ports<\/span>:<\/span>\r\n    -<\/span> 9204:5601<\/span>\r\n  environment<\/span>:<\/span>\r\n      -<\/span> ELASTICSEARCH_URL=http:\/\/elasticsearch:9200<\/span>\r\n  links<\/span>:<\/span>\r\n      -<\/span> elasticsearch<\/span>\r\n<\/code><\/pre>\n
\u5f39\u6027\u641c\u7d22\/\u5bb9\u5668\u6587\u4ef6<\/p>\n
FROM elasticsearch\r\nRUN bin\/plugin install mobz\/elasticsearch-head\r\nEXPOSE 9200\r\nCMD  [\"bin\/elasticsearch\", \"-Des.insecure.allow.root=true\"]\r\n<\/code><\/pre>\n
3.1.2. \u542f\u52a8Docker<\/h4>\n
\u5728\u5305\u542bdocker-compose.yml\u6587\u4ef6\u7684\u76ee\u5f55\u4e2d\u542f\u52a8docker\u3002<\/p>\n
docker-compose up -d\r\n<\/code><\/pre>\n
\u53e6\u5916\uff0c\u505c\u6b62\u547d\u4ee4\u5982\u4e0b\u3002<\/p>\n
docker-compose stop\r\n<\/code><\/pre>\n
\u4ee5\u4e0a\u662felasticsearch-kibana\u7684\u5b89\u88c5\u5df2\u5b8c\u6210\u3002<\/p>\n
3.2. \u5b89\u88c5winlogbeat<\/h3>\n
\u5728Ansible\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u76ee\u5f55\u4e2d\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002<\/p>\n
3.2.1 \u8d44\u6e90\u4e0b\u8f7d\uff08winlogbeat\u4e3b\u7a0b\u5e8fzip\uff0cwin_unzip\u6a21\u5757\u4f7f\u7528\u7684pscx.msi\uff09<\/h4>\n
\u8bf7\u63d0\u524d\u4e0b\u8f7d\u4ee5\u4e0b\u6587\u4ef6\uff0c\u5e76\u5c06\u5176\u653e\u7f6e\u5728files\u76ee\u5f55\u4e2d\u3002<\/p>\n
    \n
  • \n
      files\/winlogbeat-1.2.3-windows.zip<\/ul>\n<\/li>\n<\/ul>\n
      winlogbeat-1.2.3-windows.zip
      \nsha1<\/p>\n
      files\/pscx.msi<\/p>\n
      pscx.msi
      \n\u30d6\u30e9\u30a6\u30b6\u7b49\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002wget\u3067\u306f\u3046\u307e\u304f\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002
      \n\u3053\u3061\u3089\u306e\u74b0\u5883\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u30d5\u30a1\u30a4\u30eb\u306fPscx-3.2.0.msi\u3067\u3057\u305f\u306e\u3067\u30d5\u30a1\u30a4\u30eb\u3092files\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3078\u914d\u7f6e\u3059\u308b\u969b\u306bpscx.msi\u3078rename\u3057\u3066\u3054\u4f7f\u7528\u304f\u3060\u3055\u3044\u3002<\/p>\n
      3.2.2 \u6839\u636e\u81ea\u5df1\u7684\u73af\u5883\u8fdb\u884c\u53d8\u66f4\uff0c\u4e0b\u8f7d\u6240\u9700\u8d44\u6e90\uff08\u5982Ansible Playbook\uff09\u3002<\/h4>\n
      git clone https:\/\/github.com\/tbuchi888\/ansible_winlogbeat.git\r\ncd ansible_winlogbeat\/\r\n<\/code><\/pre>\n
      \u5982\u679c\u65e0\u6cd5\u4f7f\u7528git\u7684\u73af\u5883\uff0c\u53ef\u4ee5\u9009\u62e9\u4ece\u4ee5\u4e0bgithub\u94fe\u63a5\u4e2d\u4e0b\u8f7d\u538b\u7f29\u6587\u4ef6\u7b49\u65b9\u5f0f\u6765\u4f7f\u7528\uff1a
      \nhttps:\/\/github.com\/tbuchi888\/ansible_winlogbeat<\/p>\n
      \u8bf7\u4f7f\u7528\u4ee5\u4e0b\u7684\u6e90\u6587\u4ef6\u3002<\/p>\n
      \u6587\u4ef6\u7ed3\u6784<\/p>\n
      files\/\r\n - pscx.msi # \u9805\u756a3.2.1.\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u3082\u306e win_unzip\u30e2\u30b8\u30e5\u30fc\u30eb\u3067\u5229\u7528\u3057\u307e\u3059\r\n - winlogbeat-1.2.3-windows.zip # \u9805\u756a3.2.1.\u3067\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u305f\u3082\u306e winlogbeat\u672c\u4f53\r\nhosts # Ansible\u306e\u30a4\u30f3\u30d9\u30f3\u30c8\u30ea\u30d5\u30a1\u30a4\u30eb\r\ninstall_winlogbeat.yml # Ansible playbook\r\ntemplates\/\r\n - winlogbeat.yml.j2 # Ansible\u306eJinja2\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\r\n<\/code><\/pre>\n
      \u8bf7\u6839\u636e\u4ee5\u4e0b\u73af\u5883\u8fdb\u884c\u76f8\u5e94\u4fee\u6539\u3002
      \n\u5373\u4f7f\u60a8\u901a\u8fc7git clone\u6216\u4ecegithub\u4e0b\u8f7dzip\u6587\u4ef6\uff0c\u4e5f\u540c\u6837\u9002\u7528\u3002<\/p>\n
      [win]\r\nwin01 # \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5bfe\u8c61windows\u30b5\u30fc\u30d0\r\nwin02 # \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5bfe\u8c61windows\u30b5\u30fc\u30d0 \r\n\r\n[win:vars]\r\nansible_user=ansible_user\r\nansible_password=ansible_password\r\nansible_port=5985\r\nansible_connection=winrm\r\n<\/code><\/pre>\n
      \u5b89\u88c5_install_winlogbeat.yml_
      \n\u8bf7\u6839\u636e\u4ee5\u4e0b\u73af\u5883\u9002\u65f6\u66f4\u6539Elasticsearch\u7684\u53d8\u91cf\u3002\u5982\u679c\u4f7f\u7528\u4e86git clone\u6216\u4ecegithub\u4e0b\u8f7dzip\u6587\u4ef6\uff0c\u4e5f\u540c\u6837\u9700\u8981\u8fdb\u884c\u66f4\u6539\u3002<\/p>\n
      ---<\/span>\r\n-<\/span> hosts<\/span>:<\/span> win<\/span>\r\n# Don't gather hosts facts for performance<\/span>\r\n  gather_facts<\/span>:<\/span> no<\/span>\r\n  vars<\/span>:<\/span>\r\n# Elasticsearch hosts<\/span>\r\n    elas_hosts<\/span>:<\/span> 192.168.33.100<\/span> #Elasticsearch(Docker\u30b5\u30fc\u30d0)\u306ewindows\u30b5\u30fc\u30d0\u304b\u3089\u540d\u524d\u89e3\u6c7a\u53ef\u80fd\u306a\u30db\u30b9\u30c8\u540d\u307e\u305f\u306fIP\u30a2\u30c9\u30ec\u30b9 \u81ea\u5206\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u5909\u66f4\u3057\u3066\u304f\u3060\u3055\u3044<\/span>\r\n    elas_hosts_port<\/span>:<\/span> 9200<\/span> #Elasticsearch\u306eport\u756a\u53f7<\/span>\r\n# reinstall winlogbeat<\/span>\r\n    reinstall<\/span>:<\/span> true<\/span> #\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u5834\u5408\u306ftrue\u3092\u6307\u5b9a<\/span>\r\n\r\n# Setting the task<\/span>\r\n  tasks<\/span>:<\/span>\r\n\r\n#\u4ee5\u4e0b\u306f\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u7528\u306e\u8a2d\u5b9a\u3067\u3059\u3002\u304b\u306a\u308a\u5f37\u5f15\u306a\u3053\u3068\u3092\u3057\u3066\u3044\u308b\u306e\u3067\u3002<\/span>\r\n#\u4e0d\u8981\u306a\u5834\u5408\u306f\u524a\u9664\u3059\u308b\u304breinstall\u3092false\u306b\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/span>\r\n# \u3053\u3053\u304b\u3089\u3000----<\/span>\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Winlogbeat Stopped with ignore errors<\/span>\r\n     win_service<\/span>:<\/span>\r\n       name<\/span>:<\/span> winlogbeat<\/span>\r\n       start_mode<\/span>:<\/span> auto<\/span>\r\n       state<\/span>:<\/span> stopped<\/span>\r\n     ignore_errors<\/span>:<\/span> true<\/span>\r\n     when<\/span>:<\/span> reinstall==true<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Remove directory<\/span>\r\n     raw<\/span>:<\/span> Remove-Item -Path C:\\progra~1\\winlogbeat\\ -Force -Recurse -ErrorAction SilentlyContinue<\/span>\r\n     ignore_errors<\/span>:<\/span> true<\/span>\r\n     when<\/span>:<\/span> reinstall==true<\/span>\r\n# \u3053\u3053\u307e\u3067\u3000----<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Create work directory<\/span>\r\n     win_file<\/span>:<\/span>\r\n       path<\/span>:<\/span> \"<\/span>C:\/work\/\"<\/span>\r\n       state<\/span>:<\/span> \"<\/span>directory\"<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Copy zip file of Winlogbeat<\/span>\r\n     win_copy<\/span>:<\/span>\r\n       src<\/span>:<\/span> \"<\/span>files\/winlogbeat-1.2.3-windows.zip\"<\/span>\r\n       dest<\/span>:<\/span> \"<\/span>C:\/work\/winlogbeat-1.2.3-windows.zip\"<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Copy PSCX msi<\/span>\r\n     win_copy<\/span>:<\/span>\r\n       src<\/span>:<\/span> \"<\/span>files\/pscx.msi\"<\/span>\r\n       dest<\/span>:<\/span> '<\/span>C:\\work\\pscx.msi'<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Install PSCX<\/span>\r\n     win_msi<\/span>:<\/span>\r\n       path<\/span>:<\/span> '<\/span>C:\\work\\pscx.msi'<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Decompression zip file<\/span>\r\n     win_unzip<\/span>:<\/span>\r\n       src<\/span>:<\/span> \"<\/span>C:\/work\/winlogbeat-1.2.3-windows.zip\"<\/span>\r\n       dest<\/span>:<\/span> \"<\/span>C:\/work\/winlogbeat\"<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Move directory<\/span>\r\n     raw<\/span>:<\/span> Move-Item -Path \"C:\\work\\winlogbeat\\winlogbeat-1.2.3-windows\\\" -Destination \"C:\\progra~1\\winlogbeat\\\"<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Preparing for Step Change config of Winlogbeat<\/span>\r\n     win_template<\/span>:<\/span>\r\n       src<\/span>:<\/span> templates\/winlogbeat.yml.j2<\/span>\r\n       dest<\/span>:<\/span> C:\/progra~1\/winlogbeat\/winlogbeat.yml<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Winlogbeat Step1 Installing Winlogbeat<\/span>\r\n     raw<\/span>:<\/span> PowerShell.exe -ExecutionPolicy UnRestricted -File C:\\progra~1\\winlogbeat\\install-service-winlogbeat.ps1<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Winlogbeat Step2 Configuring Winlogbeat<\/span>\r\n     raw<\/span>:<\/span> C:\\progra~1\\winlogbeat\\winlogbeat.exe -c C:\\progra~1\\winlogbeat\\winlogbeat.yml -configtest -e<\/span>\r\n\r\n   #  Skip Winlogbeat Step3 Configuring Winlogbeat to Use Logstash<\/span>\r\n\r\n   -<\/span> name<\/span>:<\/span> Winlogbeat Step4 Loading the Index Template in Elasticsearch<\/span>\r\n     raw<\/span>:<\/span> Invoke-WebRequest -Method Put -InFile C:\\progra~1\\winlogbeat\\winlogbeat.template.json -Uri http:\/\/{{ elas_hosts }}:{{ elas_hosts_port }}\/_template\/winlogbeat?pretty -UseBasicParsing<\/span>\r\n   -<\/span> name<\/span>:<\/span> Winlogbeat Step5 Starting Winlogbeat<\/span>\r\n     win_service<\/span>:<\/span>\r\n       name<\/span>:<\/span> winlogbeat<\/span>\r\n       start_mode<\/span>:<\/span> auto<\/span>\r\n       state<\/span>:<\/span> started<\/span>\r\n<\/code><\/pre>\n
      \u6a21\u677f\/ winlogbeat.yml.j2
      \n\u8bf7\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff0c\u56e0\u4e3a\u8fd9\u6bb5\u592a\u957f\u3002
      \nhttps:\/\/raw.githubusercontent.com\/tbuchi888\/ansible_winlogbeat\/master\/templates\/winlogbeat.yml.j2<\/p>\n
      \u4ee5\u4e0b\u662f\u4e00\u4e2a\u4f7f\u7528Ansible playbook\u5b9a\u4e49\u53d8\u91cf\u5e76\u5c06\u5176\u4fee\u6539\u4e3aJinja2\u6a21\u677f\u7684\u4f8b\u5b50\uff0c\u8be5\u6a21\u677f\u4f4d\u4e8ewinlogbeat-1.2.3-windows.zip\u7684winlogbeat.yml\u4e2d\uff0c\u7528\u4e8eElasticsearch\u7684\u4e3b\u673a\u4fe1\u606f\u3002<\/p>\n
      \u8bf7\u6ce8\u610f\uff0c\u7531\u4e8e\u4e2d\u6587\u4f7f\u7528\u4e86\u4e00\u4e9b\u7279\u6b8a\u5b57\u7b26\uff0c\u56e0\u6b64\u65e0\u6cd5\u63d0\u4f9b\u5b8c\u5168\u4e00\u81f4\u7684\u6c49\u8bed\u7ffb\u8bd1\u3002\u8fd9\u662f\u4e00\u4e2a\u5927\u81f4\u7684\u8868\u8fbe\uff0c\u53ef\u80fd\u9700\u8981\u6839\u636e\u4e0a\u4e0b\u6587\u8fdb\u884c\u67d0\u4e9b\u5fae\u8c03\u3002<\/p>\n
      #diff winlogbeat.yml winlogbeat.yml.j2\r\n42c42\r\n<     hosts: [\"localhost:9200\"]\r\n---\r\n>     hosts: [\"{{ elas_hosts }}:{{ elas_hosts_port }}\"]\r\n<\/code><\/pre>\n
      \u6267\u884cAnsible playbook 3.2.3\u3002<\/h4>\n
      \u5728Ansible\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u4ee5\u4e0bplaybook\uff0c\u5e76\u5b89\u88c5winlogbeat\u5230Windows\u670d\u52a1\u5668\u3002<\/p>\n
      ansible-playbook -i hosts install_winlogbeat.yml -v\r\n<\/code><\/pre>\n
      winlogbeat\u5b89\u88c5\u5df2\u5b8c\u6210\u3002<\/p>\n
      4. Kibana\u7684\u521d\u59cb\u8bbe\u7f6e\u548c\u65e5\u5fd7\u786e\u8ba4<\/h2>\n
      \u901a\u8fc7\u6d4f\u89c8\u5668\u8bbf\u95eeKibana\uff08http:\/\/192.168.33.100:9204\/ \u203b192.168.33.100\u4e3aDocker\u7684IP\uff09\uff0c\u7136\u540e\u5728”Setting”\u9009\u9879\u5361\u4e2d\u6ce8\u518c\u7d22\u5f15\u6a21\u5f0f\u3002<\/p>\n
      \"kibana_index.png\"<\/div>\n
      \u5c06(logstash-\u3068\u306a\u3063\u3066\u3044\u308b\u90e8\u5206)\u6539\u4e3a`winlogbeat-\uff0c\u7136\u540e\u70b9\u51fbCreate\u6309\u94ae\u3002<\/p>\n
      \"kibana_index2.png\"<\/div>\n
      \u6211\u5c06\u786e\u8ba4\u5728”\u63a2\u7d22”\u9009\u9879\u5361\u4e2d\uff0c\u80fd\u591f\u6536\u96c6\u5230\u65e5\u5fd7\u3002<\/p>\n
      \"kibana_discover.png\"<\/div>\n
      \u4ee5\u4e0a<\/p>\n","protected":false},"excerpt":{"rendered":"
      \u9996\u5148 \u6211\u5df2\u7ecf\u5c1d\u8bd5\u4e86\u7531Elastic\u63d0\u4f9b\u7684winlogbeat(ver.1.2.3)\u3002 \u672c\u7bc7\u6587\u7ae0\u4e3b\u8981\u5185\u5bb9\u5305\u62ec\uff1a  […]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-41024","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u901a\u8fc7\u4f7f\u7528winlogbeat-elasticsearch-kibana\u6765\u53ef\u89c6\u5316windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5\" \/>\n<meta property=\"og:description\" content=\"\u9996\u5148 \u6211\u5df2\u7ecf\u5c1d\u8bd5\u4e86\u7531Elastic\u63d0\u4f9b\u7684winlogbeat(ver.1.2.3)\u3002 \u672c\u7bc7\u6587\u7ae0\u4e3b\u8981\u5185\u5bb9\u5305\u62ec\uff1a […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u901a\u8fc7\u4f7f\u7528winlogbeat-elasticsearch-kibana\u6765\u53ef\u89c6\u5316windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-18T04:13:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T05:27:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d441437434c4406c9e176\/55-0.png\" \/>\n<meta name=\"author\" content=\"\u6e05, \u5b87\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u5b87\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/\",\"name\":\"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-08-18T04:13:48+00:00\",\"dateModified\":\"2024-04-29T05:27:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e\",\"name\":\"\u6e05, \u5b87\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u5b87\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyu\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u901a\u8fc7\u4f7f\u7528winlogbeat-elasticsearch-kibana\u6765\u53ef\u89c6\u5316windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\/","og_locale":"zh_CN","og_type":"article","og_title":"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5","og_description":"\u9996\u5148 \u6211\u5df2\u7ecf\u5c1d\u8bd5\u4e86\u7531Elastic\u63d0\u4f9b\u7684winlogbeat(ver.1.2.3)\u3002 \u672c\u7bc7\u6587\u7ae0\u4e3b\u8981\u5185\u5bb9\u5305\u62ec\uff1a […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u901a\u8fc7\u4f7f\u7528winlogbeat-elasticsearch-kibana\u6765\u53ef\u89c6\u5316windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-08-18T04:13:48+00:00","article_modified_time":"2024-04-29T05:27:43+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d441437434c4406c9e176\/55-0.png"}],"author":"\u6e05, \u5b87","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u5b87","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"3 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/","name":"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-08-18T04:13:48+00:00","dateModified":"2024-04-29T05:27:43+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u901a\u8fc7\u4f7f\u7528winlogbeat + Elasticsearch + Kibana\u6765\u53ef\u89c6\u5316Windows\u7cfb\u7edf\u65e5\u5fd7\uff0c\u751a\u81f3\u53ef\u4ee5\u81ea\u52a8\u5316\u5b89\u88c5"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e","name":"\u6e05, \u5b87","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g","caption":"\u6e05, \u5b87"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyu\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e9%80%9a%e8%bf%87%e4%bd%bf%e7%94%a8winlogbeat-elasticsearch-kibana%e6%9d%a5%e5%8f%af%e8%a7%86%e5%8c%96windows%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%ef%bc%8c%e7%94%9a%e8%87%b3%e5%8f%af%e4%bb%a5\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=41024"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41024\/revisions"}],"predecessor-version":[{"id":85548,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/41024\/revisions\/85548"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=41024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=41024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=41024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}