Projects STRLCPY GOAD Commits b871657b
    ansible/roles/logs_windows/defaults/main.yml
    skipped 3 lines
    4 4  sysmon_download_file: Sysmon
    5 5  file_ext: .zip
    6 6  sysmon_config_url: "https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml"
     7 + 
     8 +winlogbeat_service:
     9 + install_path_64: "C:\\Program Files\\Elastic\\winlogbeat"
     10 + install_path_32: "C:\\Program Files (x86)\\Elastic\\winlogbeat"
     11 + version: "7.17.6"
     12 + download: true
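Review bot: `download: true` on new line 12 selects between two quite different sources for the winlogbeat archive, but nothing here says so; a comment above it would help, e.g. `# true: fetch the zip from artifacts.elastic.co at deploy time; false: ship files/winlogbeat-<version>-windows-x86_64.zip from the role`. `install_path_32` on new line 10 is declared but none of the tasks added in this commit appear to read it, so either drop it or note what it is reserved for. Keeping `version` quoted is right, since `7.17.6` would otherwise be a plain scalar that some tooling mangles. The defaults file continues above the hunk (three lines skipped).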
    ansible/roles/logs_windows/files/uninstall-service-winlogbeat.ps1
     1 +# Delete and stop the service if it already exists.
     2 +if (Get-Service winlogbeat -ErrorAction SilentlyContinue) {
     3 + $service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'"
     4 + $service.StopService()
     5 + Start-Sleep -s 1
     6 + $service.delete()
     7 +}
     8 + 
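Review bot: `Start-Sleep -s 1` followed by `$service.delete()` on lines 5-6 is a race: `StopService()` on line 4 is asynchronous and its return code is never inspected, so a service still in StopPending when `delete()` runs can be left merely marked for deletion, while the script still exits 0 and the calling `win_shell` task reports success. Replace lines 4-5 with `Stop-Service winlogbeat -Force` and `(Get-Service winlogbeat).WaitForStatus('Stopped', '00:00:30')`, which blocks until the service has actually stopped or throws after the timeout, so the failure surfaces in Ansible. `Get-WmiObject` is also deprecated; `Get-CimInstance -ClassName Win32_Service -Filter "name='winlogbeat'" | Invoke-CimMethod -MethodName Delete` is the supported equivalent for line 3 and 6.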
    ansible/roles/logs_windows/handlers/main.yml
     1 +---
     2 +- name: restart-winlogbeat
     3 + win_shell: Restart-Service winlogbeat
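Review bot: `win_shell: Restart-Service winlogbeat` on new line 3 always reports `changed` and only fails on a non-zero exit, whereas the `win_service` module does the same job idempotently with proper status handling: `win_service:` / `  name: winlogbeat` / `  state: restarted`. Since handlers run at the end of the play, this one also fires right after a fresh install where the service was only just created; a short comment above the handler saying that is intentional would save the next reader from wondering.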
    ansible/roles/logs_windows/tasks/main.yml
    1  -- name: Ensure chocolatey is installed
    2  - win_chocolatey:
    3  - name:
    4  - - chocolatey
    5  - - chocolatey-core.extension
    6  - state: present
    7  - 
    8 1  - name: Install winlogbeat
    9  - win_chocolatey:
    10  - name: winlogbeat
    11  - state: present
     2 + import_tasks: winlogbeat.yml
    12 3   
    13 4  - name: Set winlogbeat config file
    14 5   win_copy:
    skipped 44 lines
    59 50   failed_when: resultwlb is not defined
    60 51   ignore_errors: yes
    61 52   
     53 +- name: Reboot before launch setup
     54 + win_reboot:
     55 + reboot_timeout: 600
     56 + post_reboot_delay: 100
     57 + when: resultwlb.state is defined and resultwlb.state != 'running'
     58 + 
    62 59  - name: Run winlogbeat setup
    63 60   win_command: "winlogbeat setup -e"
    64 61   args:
    65  - chdir: C:\ProgramData\chocolatey\lib\winlogbeat\tools\
    66  - when: resultwlb.state is not defined or resultwlb.name is not defined
     62 + chdir: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64\\"
     63 + when: resultwlb.state is defined and resultwlb.state != 'running'
    67 64   
    68 65  # RUN winlogbeat
    69 66  - name: check winlogbeat service
    skipped 5 lines
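Review bot: The new `Reboot before launch setup` task (new lines 53-57) reboots the host whenever `resultwlb.state` is anything other than `running`, and the setup task on new lines 59-63 reuses that same pre-reboot fact, so a stopped service on any later run triggers a full reboot every time and the state checked afterwards is stale. If the reboot is only meant for a first install, the condition should be tied to the install step (for instance a registered result from the `winlogbeat.yml` tasks) rather than to the service state, and the service fact should be re-gathered after `win_reboot`; the task that registers `resultwlb` lies in the 44 skipped lines, so this is inferred from the visible conditions. The `chdir` value on new line 62 is the same path expression spelled out again several times in `winlogbeat.yml`; defining it once in defaults, e.g. `winlogbeat_home: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64"`, keeps the copies from drifting.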
    ansible/roles/logs_windows/tasks/winlogbeat.yml
     1 +---
     2 +# from https://github.com/j91321/ansible-role-winlogbeat
     3 +- name: Create 64-bit install directory
     4 + win_file:
     5 + path: "{{ winlogbeat_service.install_path_64 }}"
     6 + state: directory
     7 + 
     8 +- name: Check if winlogbeat service is installed
     9 + win_service:
     10 + name: winlogbeat
     11 + register: winlogbeat_installed
     12 + 
     13 +- name: Check if winlogbeat is using current version
     14 + win_stat:
     15 + path: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64"
     16 + register: winlogbeat_folder
     17 + 
     18 +- name: Copy winlogbeat uninstall script
     19 + win_copy:
     20 + src: files/uninstall-service-winlogbeat.ps1
     21 + dest: "{{ winlogbeat_service.install_path_64 }}\\uninstall-service-winlogbeat.ps1"
     22 + force: yes
     23 + when: winlogbeat_installed.exists and not winlogbeat_folder.stat.exists
     24 + 
     25 +- name: Uninstall winlogbeat
     26 + win_shell: .\uninstall-service-winlogbeat.ps1
     27 + args:
     28 + chdir: "{{ winlogbeat_service.install_path_64 }}"
     29 + when: winlogbeat_installed.exists and not winlogbeat_folder.stat.exists
     30 + 
     31 +- name: Download winlogbeat
     32 + win_get_url:
     33 + url: "https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64.zip"
     34 + dest: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat.zip"
     35 + when: winlogbeat_service.download and not winlogbeat_folder.stat.exists
     36 + 
     37 +- name: Copy winlogbeat
     38 + win_copy:
     39 + src: "files/winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64.zip"
     40 + dest: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat.zip"
     41 + when: not winlogbeat_service.download and not winlogbeat_folder.stat.exists
     42 + 
     43 +- name: Unzip winlogbeat
     44 + win_unzip:
     45 + src: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat.zip"
     46 + dest: "{{ winlogbeat_service.install_path_64 }}\\"
     47 + delete_archive: yes
     48 + when: not winlogbeat_folder.stat.exists
     49 + 
     50 +- name: Configure winlogbeat
     51 + win_copy:
     52 + src: winlogbeat.yml
     53 + dest: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64\\winlogbeat.yml"
     54 + notify: restart-winlogbeat
     55 + 
     56 +- name: Install winlogbeat
     57 + win_shell: .\install-service-winlogbeat.ps1
     58 + args:
     59 + chdir: "{{ winlogbeat_service.install_path_64 }}\\winlogbeat-{{ winlogbeat_service.version }}-windows-x86_64\\"
     60 + when: not winlogbeat_folder.stat.exists
     61 + notify: restart-winlogbeat
     62 + 
     63 +- name: Remove other winlogbeat installations
     64 + win_shell: |
     65 + $version="{{ winlogbeat_service.version }}"
     66 + Get-ChildItem -Path "{{ winlogbeat_service.install_path_64 }}" | Where-Object {$_.Name -CNotMatch $version} | Remove-Item -Recurse
     67 + when: not winlogbeat_folder.stat.exists
     68 + 
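Review bot: `win_get_url` on new lines 31-35 fetches the winlogbeat archive with no `checksum`, and the unpacked `install-service-winlogbeat.ps1` is then run as a service installer on new lines 56-61, so a tampered or truncated download is installed without any integrity check; add `checksum_algorithm: sha512` and `checksum: "<SHA512_OF_ZIP placeholder, one per version>"` next to `url` (Elastic publishes a `.sha512` file beside each archive, and `win_get_url` can also take a URL for `checksum`). The cleanup on new lines 63-67 is too broad: `Get-ChildItem -Path "{{ winlogbeat_service.install_path_64 }}"` returns every entry in the directory, so anything whose name lacks the version string is deleted, including the `uninstall-service-winlogbeat.ps1` copied there on new lines 18-23, and `-CNotMatch $version` treats the dots in `7.17.6` as regex wildcards. Restrict it to versioned install folders: `Get-ChildItem -Path "{{ winlogbeat_service.install_path_64 }}" -Directory | Where-Object { $_.Name -like 'winlogbeat-*' -and $_.Name -ne "winlogbeat-$version-windows-x86_64" } | Remove-Item -Recurse -Force`. `force: yes` on new line 22 and `delete_archive: yes` on new line 47 should be `true`, matching `download: true` in defaults.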