n/PSGraylog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Update PSGraylog module installation instructions and improve code readability

Browse Source
This commit is contained in:
Nathan Windisch 2024-07-25 14:24:40 +01:00
parent 9c9afd413d
commit 329bb8728a
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -2,26 +2,28 @@
*A PowerShell interface for Graylog*
# Getting Started
1. First, install and import the module from your local PSGallery repo.
You should be prompted to set up your Graylog host, and your credentials.
(You can always re-run this with `Initialize-GraylogServiceVault`)
1. First, download the module to your PSModulePath. You should probably verify random scripts before downloading on the internet, so maybe check out the
[Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it? c:
```pwsh
$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
$URI | Invoke-RestMethod | Invoke-Expression
```
2. Next, import the module into your environment. You should be prompted to set up your Graylog host, and your credentials. (Note that you can always re-run
this with `Initialize-GraylogServiceVault` later if you wish)
```pwsh
TODO: How to install from a repo
Install-Module PSGraylog
Import-Module PSGraylog
```
2. Then, connect to Graylog.
3. Then, connect to Graylog.
```pwsh
Connect-GraylogService
Connect-Graylog
```
3. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs):
4. Finally, run a query (the default for the **-LogName** parameter is *'Windows Security'*, which is (in my environment, anyways) Active Directory logs):
```pwsh
$Query = "EventID:4740 && TargetUsername:ab123456"
Search-Graylog $Query
```
4. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object.
This object contains various identifers used to locate the search query, and is much quicker then
re-running the query.
5. If you want to re-use the data, you can use the **-AsJob** parameter to return a GraylogSearchJob object. This object contains various identifers used to
locate the search query, and is much quicker then re-running the entire query from scratch with new identifiers.
```pwsh
$Job = Search-Graylog $Query -AsJob
$Job | Receive-GraylogSearchJob