PSGraylog/README.md

# PSGraylog
*A PowerShell interface for Graylog*

# Getting Started
1. First, download the module to your PSModulePath. You should probably verify random scripts before downloading on the internet, so maybe check out the 
   [Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it? c:
   ```pwsh
	$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
	Invoke-RestMethod $URI | Invoke-Expression
	 ```
2. Next, import the module into your environment. You should be prompted to set up your Graylog host, and your credentials. (Note that you can always re-run 
   this with `Initialize-GraylogServiceVault` later if you wish)
   ```pwsh
	Import-Module PSGraylog
	 ```
3. Then, connect to Graylog.
   ```pwsh
	Connect-Graylog
	 ```
4. Finally, run a query (the default for the **-LogName** parameter is *'Windows Security'*, which is (in my environment, anyways) Active Directory logs):
   ```pwsh
	$Query = "EventID:4740 && TargetUsername:ab123456" 
	Search-Graylog $Query
	 ```
5. If you want to re-use the data, you can use the **-AsJob** parameter to return a GraylogSearchJob object. This object contains various identifers used to 
   locate the search query, and is much quicker then re-running the entire query from scratch with new identifiers.
	 ```pwsh
	$Job = Search-Graylog $Query -AsJob
	$Job | Receive-GraylogSearchJob
	 ```
Initial commit 2024-07-25 02:31:34 +01:00			`# PSGraylog`
			`A PowerShell interface for Graylog`

			`# Getting Started`
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			`1. First, download the module to your PSModulePath. You should probably verify random scripts before downloading on the internet, so maybe check out the`
			`[Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it? c:`
			```pwsh
			`$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"`
chore: fixed typo in install 2024-07-25 14:45:46 +01:00			`Invoke-RestMethod $URI \| Invoke-Expression`
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			```
			`2. Next, import the module into your environment. You should be prompted to set up your Graylog host, and your credentials. (Note that you can always re-run`
			this with `Initialize-GraylogServiceVault` later if you wish)
Initial commit 2024-07-25 02:31:34 +01:00			```pwsh
			`Import-Module PSGraylog`
			```
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			`3. Then, connect to Graylog.`
Initial commit 2024-07-25 02:31:34 +01:00			```pwsh
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			`Connect-Graylog`
Initial commit 2024-07-25 02:31:34 +01:00			```
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			`4. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs):`
Initial commit 2024-07-25 02:31:34 +01:00			```pwsh
			`$Query = "EventID:4740 && TargetUsername:ab123456"`
			`Search-Graylog $Query`
			```
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			`5. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object. This object contains various identifers used to`
			`locate the search query, and is much quicker then re-running the entire query from scratch with new identifiers.`
Initial commit 2024-07-25 02:31:34 +01:00			```pwsh
chore: Update PSGraylog module installation instructions and improve code readability 2024-07-25 14:24:40 +01:00			`$Job = Search-Graylog $Query -AsJob`
			`$Job \| Receive-GraylogSearchJob`
Initial commit 2024-07-25 02:31:34 +01:00			```