Skip to content
share

Installing Logagent on Windows

Installation on Windows

  1. Download Node.js from nodejs.org and install it

  2. Install Logagent and Windows event plugin

md %ProgramData%\npm-cache
md %ProgramData%\npm
md %ProgramData%\npm\node_modules
call npm config --global set prefix "%ProgramData%\npm"
call npm config --global set cache "%ProgramData%\npm-cache"
setx PATH "%PATH%;%ProgramData%\npm" /M
call npm i -g @sematext/logagent
call npm i -g logagent-input-elasticsearch-stats
call npm i -g logagent-input-windows-events
call npm i -g node-windows
# run logagent windows version
logagent-windows --help

  1. Optional service installer

Create a configuration file for Logagent in

%ProgramData%\Sematext\logagent.conf

(default: c:\ProgramData\sematext\logagent.conf)

In case you want to store the configuration file in a different directory, enter the new location in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\LOGAGENT_CONFIG

Example config file to collect Windows events to Elasticsearch:

options:
  includeOriginalLine: false
  suppress: true

input:
  windowsEvent:
    module: logagent-input-windows-events
    # query events every 10 seconds
    interval: 10
    maxEvents: 1000

output:
  local-es:
    module: elasticsearch
    url: http://localhost:9200
    index: windows_events

If you're using Sematext Logs, the output would be:

output:
  sematext:
    module: elasticsearch
    url: https://logsene-receiver.sematext.com
    # for the EU datacenter, it's https://logsene-receiver.eu.sematext.com
    index: LOGSENE-APP-TOKEN-GOES-HERE

Run service installer:

node %ProgramData%\npm\node_modules\@sematext\logagent\bin\logagent-windows.js -install

To uninstall the service run

node %ProgramData%\npm\node_modules\@sematext\logagent\bin\logagent-windows.js -uninstall