29 lines
1022 B
Markdown
29 lines
1022 B
Markdown
|
# PSGraylog
|
||
|
|
*A PowerShell interface for Graylog*
|
||
|
|
|
||
|
|
# Getting Started
|
||
|
|
1. First, install and import the module from your local PSGallery repo.
|
||
|
|
You should be prompted to set up your Graylog host, and your credentials.
|
||
|
|
(You can always re-run this with `Initialize-GraylogServiceVault`)
|
||
|
|
```pwsh
|
||
|
|
TODO: How to install from a repo
|
||
|
|
Install-Module PSGraylog
|
||
|
|
Import-Module PSGraylog
|
||
|
|
```
|
||
|
|
2. Then, connect to Graylog.
|
||
|
|
```pwsh
|
||
|
|
Connect-GraylogService
|
||
|
|
```
|
||
|
|
3. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs):
|
||
|
|
```pwsh
|
||
|
|
$Query = "EventID:4740 && TargetUsername:ab123456"
|
||
|
|
Search-Graylog $Query
|
||
|
|
```
|
||
|
|
4. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object.
|
||
|
|
This object contains various identifers used to locate the search query, and is much quicker then
|
||
|
|
re-running the query.
|
||
|
|
```pwsh
|
||
|
|
$Job = Search-Graylog $Query -AsJob
|
||
|
|
$Job | Receive-GraylogSearchJob
|
||
|
|
```
|