chore: Update PSGraylog module installation instructions and improve code readability

This commit is contained in:
Nathan Windisch 2024-07-25 14:24:40 +01:00
parent 9c9afd413d
commit 329bb8728a


@ -2,27 +2,29 @@
*A PowerShell interface for Graylog* *A PowerShell interface for Graylog*
# Getting Started # Getting Started
1. First, install and import the module from your local PSGallery repo. 1. First, download the module to your PSModulePath. You should probably verify random scripts before downloading on the internet, so maybe check out the
You should be prompted to set up your Graylog host, and your credentials. [Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it? c:
(You can always re-run this with `Initialize-GraylogServiceVault`) ```pwsh
$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
$URI | Invoke-RestMethod | Invoke-Expression
```
2. Next, import the module into your environment. You should be prompted to set up your Graylog host, and your credentials. (Note that you can always re-run
this with `Initialize-GraylogServiceVault` later if you wish)
```pwsh ```pwsh
TODO: How to install from a repo
Install-Module PSGraylog
Import-Module PSGraylog Import-Module PSGraylog
``` ```
2. Then, connect to Graylog. 3. Then, connect to Graylog.
```pwsh ```pwsh
Connect-GraylogService Connect-Graylog
``` ```
3. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs): 4. Finally, run a query (the default for the **-LogName** parameter is *'Windows Security'*, which is (in my environment, anyways) Active Directory logs):
```pwsh ```pwsh
$Query = "EventID:4740 && TargetUsername:ab123456" $Query = "EventID:4740 && TargetUsername:ab123456"
Search-Graylog $Query Search-Graylog $Query
``` ```
4. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object. 5. If you want to re-use the data, you can use the **-AsJob** parameter to return a GraylogSearchJob object. This object contains various identifers used to
This object contains various identifers used to locate the search query, and is much quicker then locate the search query, and is much quicker then re-running the entire query from scratch with new identifiers.
re-running the query.
```pwsh ```pwsh
$Job = Search-Graylog $Query -AsJob $Job = Search-Graylog $Query -AsJob
$Job | Receive-GraylogSearchJob $Job | Receive-GraylogSearchJob
``` ```
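Review bot: step 1 of the new Getting Started replaces `Install-Module PSGraylog` with `$URI | Invoke-RestMethod | Invoke-Expression`, which executes whatever the server returns without the reader ever seeing it, while the sentence right above it asks the reader to "check out the Install.ps1 file before running it", advice the one-liner makes impossible to follow. Suggest splitting it into download, inspect, run: `Invoke-WebRequest $URI -OutFile Install.ps1`, review the file (and compare it against a published hash or Authenticode signature if the project ever provides one), then `.\Install.ps1`; the removed `Install-Module PSGraylog` line was still marked `TODO: How to install from a repo`, but keeping it as the preferred path once the module is published would avoid fetch-and-execute entirely. Two smaller points in the same hunk: step 5 carries "identifers" (identifiers) and "quicker then" (than) in both the old and the new text, and the rename from `Connect-GraylogService` to `Connect-Graylog` in step 3 should be checked against the module's exported cmdlet names, since step 2 still refers to `Initialize-GraylogServiceVault` with the older `GraylogService` naming.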