# PSGraylog

*A PowerShell interface for Graylog*

# Getting Started

1. First, download the module to your PSModulePath. You should probably verify random scripts from the internet before running them, so maybe check out the [Install.ps1](https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1) file before running it? c:

```pwsh
$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
Invoke-RestMethod $URI | Invoke-Expression
```

2. Next, import the module into your environment. You should be prompted to set up your Graylog host and your credentials. (Note that you can always re-run this with `Initialize-GraylogServiceVault` later if you wish.)

```pwsh
Import-Module PSGraylog
```

3. Then, connect to Graylog.

```pwsh
Connect-Graylog
```

4. Finally, run a query (the default for the **-LogName** parameter is *'Windows Security'*, which is (in my environment, anyways) Active Directory logs):

```pwsh
$Query = "EventID:4740 && TargetUsername:ab123456"
Search-Graylog $Query
```

5. If you want to re-use the data, you can use the **-AsJob** parameter to return a GraylogSearchJob object. This object contains the various identifiers used to locate the search query, and retrieving results through it is much quicker than re-running the entire query from scratch with new identifiers.

```pwsh
$Job = Search-Graylog $Query -AsJob
$Job | Receive-GraylogSearchJob
```
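As an added example (not part of PSGraylog or this README) of the verification that step 1 suggests, the script below saves Install.ps1 to disk instead of piping it straight into `Invoke-Expression`, prints its SHA-256 and signature status so you can read and record them, and runs it only when the hash matches one you have already reviewed. `$ExpectedHash` is a placeholder you fill in after reading the file; the temp file path is an assumption.

```powershell
# Added example: download the PSGraylog installer to disk, inspect it, and run it
# only after its hash matches a value you have reviewed. Not part of PSGraylog.
$URI = "https://git.wnd.sh/n/PSGraylog/raw/branch/main/Install.ps1"
$Installer = Join-Path ([System.IO.Path]::GetTempPath()) "PSGraylog-Install.ps1"

# Placeholder: replace with the SHA-256 you recorded after reading Install.ps1.
$Placeholder = "<sha256-of-the-reviewed-Install.ps1>"
$ExpectedHash = $Placeholder

# Save to a file rather than piping into Invoke-Expression, so the script
# can be read and hashed before anything executes.
Invoke-WebRequest -Uri $URI -OutFile $Installer

$Actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
Write-Host "SHA-256  : $Actual"

# Authenticode is Windows-only; a raw repo file will normally report NotSigned.
if (Get-Command Get-AuthenticodeSignature -ErrorAction SilentlyContinue) {
    $Status = (Get-AuthenticodeSignature -FilePath $Installer).Status
    Write-Host "Signature: $Status"
}

if ($ExpectedHash -eq $Placeholder) {
    Write-Warning "No reviewed hash set. Read $Installer, then set `$ExpectedHash and re-run."
    return
}

# -eq on strings is case-insensitive, so the hex case from Get-FileHash does not matter.
if ($Actual -ne $ExpectedHash) {
    Write-Error "Install.ps1 hash mismatch: expected $ExpectedHash, got $Actual. Not running it."
    return
}

# Hash matches the reviewed copy: run it from disk (same effect as the step 1 one-liner).
& $Installer
```

Re-run the script whenever the upstream file changes; a hash mismatch then means you need to re-read the new Install.ps1 before trusting it.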