chore: Update PSGraylog module installation instructions and improve code readability
This commit is contained in:
parent
9c9afd413d
commit
329bb8728a
28
README.md
@ -2,27 +2,29 @@
|
|||||||
*A PowerShell interface for Graylog*
|
*A PowerShell interface for Graylog*
|
||||||
|
|
||||||
# Getting Started
|
# Getting Started
|
||||||
1. First, install and import the module from your local PSGallery repo.
|
1. First, download the module to your PSModulePath. You should probably verify random scripts before downloading on the internet, so maybe check out the
|
||||||
You should be prompted to set up your Graylog host, and your credentials.
|
[Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it? c:
|
||||||
(You can always re-run this with `Initialize-GraylogServiceVault`)
|
```pwsh
|
||||||
|
$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
|
||||||
|
$URI | Invoke-RestMethod | Invoke-Expression
|
||||||
|
```
|
||||||
|
2. Next, import the module into your environment. You should be prompted to set up your Graylog host, and your credentials. (Note that you can always re-run
|
||||||
|
this with `Initialize-GraylogServiceVault` later if you wish)
|
||||||
```pwsh
|
```pwsh
|
||||||
TODO: How to install from a repo
|
|
||||||
Install-Module PSGraylog
|
|
||||||
Import-Module PSGraylog
|
Import-Module PSGraylog
|
||||||
```
|
```
|
||||||
2. Then, connect to Graylog.
|
3. Then, connect to Graylog.
|
||||||
```pwsh
|
```pwsh
|
||||||
Connect-GraylogService
|
Connect-Graylog
|
||||||
```
|
```
|
||||||
3. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs):
|
4. Finally, run a query (the default for the **-LogName** parameter is *'Windows Security'*, which is (in my environment, anyways) Active Directory logs):
|
||||||
```pwsh
|
```pwsh
|
||||||
$Query = "EventID:4740 && TargetUsername:ab123456"
|
$Query = "EventID:4740 && TargetUsername:ab123456"
|
||||||
Search-Graylog $Query
|
Search-Graylog $Query
|
||||||
```
|
```
|
||||||
4. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object.
|
5. If you want to re-use the data, you can use the **-AsJob** parameter to return a GraylogSearchJob object. This object contains various identifers used to
|
||||||
This object contains various identifers used to locate the search query, and is much quicker then
|
locate the search query, and is much quicker then re-running the entire query from scratch with new identifiers.
|
||||||
re-running the query.
|
|
||||||
```pwsh
|
```pwsh
|
||||||
$Job = Search-Graylog $Query -AsJob
|
$Job = Search-Graylog $Query -AsJob
|
||||||
$Job | Receive-GraylogSearchJob
|
$Job | Receive-GraylogSearchJob
|
||||||
```
|
```
|
||||||
|
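Review bot: the new step 1 fetches Install.ps1 and pipes it straight into Invoke-Expression (`$URI | Invoke-RestMethod | Invoke-Expression`), which undercuts the sentence right above it asking the reader to check the file before running it: the one-liner gives no chance to inspect anything, and there is no hash or signature check, so whatever git.wnd.sh serves at that moment runs with the caller's privileges. Suggest splitting this into download, inspect, run, e.g. `Invoke-WebRequest $URI -OutFile Install.ps1`, then `Get-FileHash Install.ps1` compared against a hash published in the README, then `.\Install.ps1` (or sign the script so the execution policy can enforce it). Two smaller points in the same hunk: step 3 now reads `Connect-Graylog` where the old text had `Connect-GraylogService`, so confirm the exported cmdlet name really changed rather than only the README; and step 5 has "identifers" for "identifiers" and "quicker then" for "quicker than".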