A PowerShell interface for Graylog.

Go to file

Nathan Windisch 9c9afd413d Created an install.ps1 script, in lieu of being able to upload it directly to a PSGallery-like package manager.		2024-07-25 14:16:42 +01:00
Functions	chore: Ensure Graylog session is set before making requests, and added better error handling	2024-07-25 03:11:59 +01:00
Install.ps1	Created an install.ps1 script, in lieu of being able to upload it directly to a PSGallery-like package manager.	2024-07-25 14:16:42 +01:00
PSGraylog.psd1	Added shorthand alias for Search-Graylog (sg)	2024-07-25 03:11:42 +01:00
PSGraylog.psm1	chore: Update module import paths	2024-07-25 02:56:24 +01:00
README.md	Initial commit	2024-07-25 02:31:34 +01:00

PSGraylog

A PowerShell interface for Graylog

Getting Started

First, install and import the module from your local PSGallery repo. You should be prompted to set up your Graylog host, and your credentials. (You can always re-run this with Initialize-GraylogServiceVault)
```
 TODO: How to install from a repo
 Install-Module PSGraylog
 Import-Module PSGraylog
```
Then, connect to Graylog.
```
 Connect-GraylogService
```
Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs):
```
 $Query = "EventID:4740 && TargetUsername:ab123456" 
 Search-Graylog $Query
```
If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object. This object contains various identifers used to locate the search query, and is much quicker then re-running the query.
```
$Job = Search-Graylog $Query -AsJob
$Job | Receive-GraylogSearchJob
```