PSGraylog

A PowerShell interface for Graylog

Getting Started

  1. First, install and import the module from your local PSGallery repo. You should be prompted to set up your Graylog host, and your credentials. (You can always re-run this with Initialize-GraylogServiceVault)
     TODO: How to install from a repo
     Install-Module PSGraylog
     Import-Module PSGraylog
    
  2. Then, connect to Graylog.
     Connect-GraylogService
    
  3. Finally, run a query (the default for the -LogName parameter is 'Windows Security', which, in my environment anyway, holds the Active Directory logs):
     $Query = "EventID:4740 && TargetUsername:ab123456"
     Search-Graylog $Query
    
  4. If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object. This object contains the various identifiers used to locate the search on the server, and receiving it is much quicker than re-running the query.
     $Job = Search-Graylog $Query -AsJob
     $Job | Receive-GraylogSearchJob
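The four steps above folded into one reusable function, as an added example that is not part of the PSGraylog module. It assumes only the cmdlets and parameters named on this page (Search-Graylog with -LogName and -AsJob, Receive-GraylogSearchJob) plus Graylog's standard `source` field on each returned event; the function names and the phrase-quoting helper are my own.

```powershell
# Added example, not PSGraylog code. Requires: Import-Module PSGraylog; Connect-GraylogService

function ConvertTo-GraylogPhrase {
    # Wrap a value as a quoted Lucene phrase so that a mistyped or
    # attacker-influenced username (e.g. 'ab123456 OR *') cannot widen
    # the query. Inside a phrase only backslash and double quote are special.
    param([Parameter(Mandatory)][string]$Value)
    $escaped = $Value -replace '\\', '\\' -replace '"', '\"'
    return '"' + $escaped + '"'
}

function Get-GraylogAccountLockout {
    # Search 'Windows Security' for EventID 4740 (account locked out) events
    # for one account, keep the search job for re-use, and summarise by source.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._$-]+$')]   # sAMAccountName-style input only
        [string]$TargetUsername,
        [string]$LogName = 'Windows Security'
    )

    $query = 'EventID:4740 && TargetUsername:' + (ConvertTo-GraylogPhrase $TargetUsername)
    Write-Verbose "Graylog query: $query"

    # -AsJob returns a GraylogSearchJob that can be received again later
    # without re-running the search on the server.
    $job    = Search-Graylog $query -LogName $LogName -AsJob
    $events = @($job | Receive-GraylogSearchJob)

    # Assumption: each event exposes Graylog's standard 'source' field (the
    # host that logged the lockout). Many distinct sources for one account
    # is worth a closer look.
    $bySource = $events | Group-Object -Property source |
        Select-Object @{ n = 'Source'; e = { $_.Name } }, @{ n = 'Lockouts'; e = { $_.Count } }

    [pscustomobject]@{
        Query    = $query
        Job      = $job        # pipe to Receive-GraylogSearchJob to re-use
        Total    = $events.Count
        BySource = $bySource
    }
}

# Usage:
# $r = Get-GraylogAccountLockout -TargetUsername 'ab123456' -Verbose
# $r.BySource | Format-Table
```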