n/PSGraylog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
A PowerShell interface for Graylog.
16 Commits 1 Branch 0 Tags 45 KiB
PowerShell 100%
main
Go to file
Nathan Windisch 63bfd2bc40 Updated Connect-GraylogService to import the ConvertFrom-GraylogSession function before it calls is
2024-07-26 13:57:45 +01:00
Functions Updated Connect-GraylogService to import the ConvertFrom-GraylogSession function before it calls is 2024-07-26 13:57:45 +01:00
Install.ps1 chore: Update PSGraylog module installation script to install required modules (if they're not installed already) 2024-07-25 15:08:40 +01:00
PSGraylog.psd1 Update PSGraylog module installation script to use the correct module path 2024-07-25 15:12:10 +01:00
PSGraylog.psm1 Added some functionality for PS5.1 and below, as it doesn't seem to properly import the other functions 2024-07-26 13:57:04 +01:00
README.md chore: fixed typo in install 2024-07-25 14:45:46 +01:00

README.md

PSGraylog

A PowerShell interface for Graylog

Getting Started

  1. First, download the module to your PSModulePath. You should probably verify random scripts before downloading on the internet, so maybe check out the Install.ps1 file before running it? c: 
     $URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
 Invoke-RestMethod $URI | Invoke-Expression
  2. Next, import the module into your environment. You should be prompted to set up your Graylog host, and your credentials. (Note that you can always re-run this with Initialize-GraylogServiceVault later if you wish) 
     Import-Module PSGraylog
  3. Then, connect to Graylog. 
     Connect-Graylog
  4. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs): 
     $Query = "EventID:4740 && TargetUsername:ab123456" 
 Search-Graylog $Query
  5. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object. This object contains various identifers used to locate the search query, and is much quicker then re-running the entire query from scratch with new identifiers. 
    Job = Search-Graylog $Query -AsJob
Job | Receive-GraylogSearchJob