# PSGraylog

*A PowerShell interface for Graylog*

# Getting Started

1. First, download the module to your PSModulePath. You should probably verify random scripts from the internet before running them, so maybe check out the [Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it?

   ```pwsh
   $URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
   Invoke-RestMethod $URI | Invoke-Expression
   ```

2. Next, import the module into your environment. You should be prompted to set up your Graylog host and your credentials. (Note that you can always re-run this setup later with `Initialize-GraylogServiceVault` if you wish.)

   ```pwsh
   Import-Module PSGraylog
   ```

3. Then, connect to Graylog.

   ```pwsh
   Connect-Graylog
   ```

4. Finally, run a query. The default for the **-LogName** parameter is *'Windows Security'*, which is (in my environment, anyways) Active Directory logs:

   ```pwsh
   $Query = "EventID:4740 && TargetUsername:ab123456"
   Search-Graylog $Query
   ```

5. If you want to re-use the data, you can use the **-AsJob** parameter to return a GraylogSearchJob object. This object contains various identifiers used to locate the search query, and is much quicker than re-running the entire query from scratch with new identifiers.

   ```pwsh
   $Job = Search-Graylog $Query -AsJob
   $Job | Receive-GraylogSearchJob
   ```
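
Step 1 suggests checking Install.ps1 before running it. The following is an added example, not part of PSGraylog, of one way to do that: save the script to disk, hash it, list the commands it calls without executing it, and run it only after confirmation. The temp-file path and the list of commands to flag are assumptions.

```powershell
# Added example: review Install.ps1 on disk before executing it.
$URI  = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"          # URL from step 1
$Path = Join-Path ([System.IO.Path]::GetTempPath()) "PSGraylog-Install.ps1"   # assumed location

# Save to disk instead of piping straight into Invoke-Expression,
# so the bytes that are reviewed are the same bytes that run.
Invoke-WebRequest -Uri $URI -OutFile $Path -UseBasicParsing

# Record the hash so the reviewed copy can be compared with later downloads.
$Hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
Write-Host "SHA256: $Hash"

# Parse the file without executing it.
$Tokens = $null
$Errors = $null
$Ast = [System.Management.Automation.Language.Parser]::ParseFile($Path, [ref]$Tokens, [ref]$Errors)
if ($Errors.Count -gt 0) { throw "Install.ps1 did not parse cleanly; not running it." }

# Every command invocation in the script, including nested script blocks.
$Calls = $Ast.FindAll({ $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true)

# Summary: which commands are used, and how often.
$Calls | ForEach-Object { $_.GetCommandName() } | Where-Object { $_ } |
    Group-Object | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Calls worth reading closely (an assumed, non-exhaustive list), with line numbers.
$Review = 'Invoke-Expression', 'iex', 'Invoke-WebRequest', 'Invoke-RestMethod', 'Start-Process', 'Add-Type'
$Calls | Where-Object { $Review -contains $_.GetCommandName() } |
    ForEach-Object { "{0,4}: {1}" -f $_.Extent.StartLineNumber, $_.Extent.Text }

# Run only after a human has read the file and accepted it.
if ((Read-Host "Run $Path ? (y/N)") -eq 'y') {
    & $Path
}
```

Running the saved file is subject to the local execution policy, unlike the piped `Invoke-Expression` form.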