@et0x
Created August 5, 2016 21:51
A simple way to get WMI data from remote machines into ELK; the same pipeline works for any WMI class, so it is very extensible.
$LOGSTASH_IP = "192.168.197.222"
$Computers = Get-Content "C:\hosts.txt"
foreach ($computer in $Computers)
{
    # Get-WmiObject queries over DCOM/RPC; the account running this needs local admin on each target.
    # PSComputerName is kept so every record says which host it came from; without it the
    # process list is useless for detection once it is mixed with other hosts in one index.
    # ConvertTo-Json collects the whole pipeline, so each host sends one POST carrying a JSON
    # array of processes; Logstash's json codec turns that array into one event per element.
    Get-WmiObject Win32_Process -ComputerName $computer -ErrorAction Continue `
    | Select-Object PSComputerName,Caption,CreationDate,Description,ExecutablePath,Name,ProcessId,ParentProcessId `
    | ConvertTo-Json -Compress `
    | ForEach-Object { Invoke-WebRequest -UseBasicParsing -ContentType "application/json" -Method Post -Uri "http://$($LOGSTASH_IP):8080" -Body $_ }
}
<#
# Below is a simple Logstash config which would work with the script above.
# http {} listens on 0.0.0.0:8080 with no authentication and no TLS, so anyone
# who can reach the port can inject fake process records or read real ones in
# transit. Restrict the port to the collector's address, or enable the http
# input's TLS and basic-auth options, before using this outside a lab. The
# input's default codec for application/json parses the posted array into one
# event per process.
input {
  http {}
}
output {
  elasticsearch {
    hosts => '192.168.197.222:9200'
    index => 'process_logs'
  }
}
#>
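The gist calls the approach "very extensible", so here is an added example (not the gist author's code) of what that extension looks like in practice: the same collector pulling three WMI classes instead of one, stamping every record with the source host and a collection time, normalising WMI datetimes to ISO 8601, and posting one JSON document per object with per-host error handling so one unreachable machine does not abort the run. It assumes the same Logstash http input on port 8080 and the same C:\hosts.txt as the original; the field names (`source_host`, `wmi_class`, `collected_at`) and the `$Collection` table are choices made for this example, not anything from the gist.

```powershell
# Added example, not part of the original gist. Assumes the gist's Logstash http
# input on 192.168.197.222:8080 and its C:\hosts.txt list of targets.
$LOGSTASH_URI = "http://192.168.197.222:8080"
$Computers    = Get-Content "C:\hosts.txt"

# WMI classes to pull and the properties worth keeping from each. To collect
# another class, add a line here; nothing else in the script changes.
$Collection = @{
    Win32_Process        = 'Caption','CreationDate','ExecutablePath','CommandLine','ProcessId','ParentProcessId'
    Win32_Service        = 'Name','DisplayName','PathName','StartMode','State','StartName'
    Win32_StartupCommand = 'Name','Command','Location','User'
}

# Normalise a WMI timestamp to ISO 8601 UTC. Get-CimInstance already returns
# [datetime]; Get-WmiObject returns the DMTF string form (20160805145100.123456-420),
# which ManagementDateTimeConverter understands. Both are handled here.
function ConvertTo-IsoTime($Value) {
    if ($null -eq $Value -or $Value -eq '') { return $null }
    if ($Value -is [datetime]) { return $Value.ToUniversalTime().ToString('o') }
    [System.Management.ManagementDateTimeConverter]::ToDateTime([string]$Value).ToUniversalTime().ToString('o')
}

# One JSON object per POST: the http input's json codec yields exactly one event.
function Send-Document([hashtable]$Document) {
    $body = $Document | ConvertTo-Json -Compress -Depth 3
    Invoke-RestMethod -UseBasicParsing -Method Post -Uri $LOGSTASH_URI -ContentType 'application/json' -Body $body | Out-Null
}

foreach ($computer in $Computers) {
    foreach ($class in $Collection.Keys) {
        try {
            # Get-CimInstance talks WinRM (TCP 5985/5986) instead of DCOM's dynamic
            # RPC ports, so a single well-defined port is all that must be open
            # from the collector to each target.
            $objects = Get-CimInstance -ClassName $class -ComputerName $computer -ErrorAction Stop
        }
        catch {
            # Log and move on; a host that is down must not stop the rest of the run.
            Write-Warning "${computer}: $class query failed: $($_.Exception.Message)"
            continue
        }
        $collectedAt = (Get-Date).ToUniversalTime().ToString('o')
        foreach ($obj in $objects) {
            # Envelope fields chosen for this example. 'source_host' rather than
            # 'host' avoids colliding with the field the http input sets itself.
            $doc = @{
                source_host  = $computer
                wmi_class    = $class
                collected_at = $collectedAt
            }
            foreach ($prop in $Collection[$class]) {
                $doc[$prop] = $obj.$prop
            }
            if ($doc.ContainsKey('CreationDate')) {
                $doc['CreationDate'] = ConvertTo-IsoTime $doc['CreationDate']
            }
            Send-Document $doc
        }
    }
}
```

Run it from a host that has WinRM access to the targets and reachability to the Logstash port. The per-object POST is chattier than the gist's one-array-per-host approach but gives you a clean event boundary and lets a failed POST be retried for a single record; with `collected_at` and `source_host` on every document you can diff two collection runs per host, which is the point of shipping process, service and autorun data to ELK in the first place. The transport caveat from the config above still applies: this is clear-text HTTP to an unauthenticated endpoint unless the http input is configured with TLS and credentials.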