Forked from jaycdave88/Datadog PowerShell + win32_event_log setup
Last active
November 29, 2023 20:44
PowerShell script to install latest Datadog Windows agent. Enable logs, live process, and configure win32_event_logs
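# Install the Datadog Agent 7 and the .NET tracer (v2.42.0, x64), then enable
# log collection and live process collection in datadog.yaml.
# Run from an elevated PowerShell session.

# Stop at the first failed step rather than carrying on with a partial install.
$ErrorActionPreference = 'Stop'

# Placeholders - replace before use. Prefer supplying the real API key at run
# time over saving it in this file.
$apiKey    = 'xxx'
$agentHost = 'my_hostname'
$agentTags = 'mytag1,mytag2'

# "7-latest" is an unpinned, moving target: every run may install a different
# build. Pin an exact Agent version where reproducible installs matter.
$agentUrl    = 'https://s3.amazonaws.com/ddagent-windows-stable/datadog-agent-7-latest.amd64.msi'
$tracerUrl   = 'https://github.com/DataDog/dd-trace-dotnet/releases/download/v2.42.0/datadog-dotnet-apm-2.42.0-x64.msi'
$datadogYaml = 'C:\ProgramData\Datadog\datadog.yaml'

# Require TLS 1.2 before the FIRST download (the original enabled it only
# after the Agent MSI had already been fetched).
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# Stage the installers in a fresh, randomly named directory instead of a
# predictable file name in the drive root.
$workDir = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
New-Item -ItemType Directory -Path $workDir | Out-Null
$agentMsi  = Join-Path $workDir 'datadog-agent-7-latest.amd64.msi'
$tracerMsi = Join-Path $workDir 'datadog-dotnet-apm-2.42.0-x64.msi'

try {
    # Download agent
    Invoke-WebRequest -Uri $agentUrl -OutFile $agentMsi -UseBasicParsing
    # Download .NET Tracer v2.42 x64 .msi
    Invoke-WebRequest -Uri $tracerUrl -OutFile $tracerMsi -UseBasicParsing

    # HTTPS only authenticates the download host. Check the publisher signature
    # before handing either package to msiexec, which runs it with full privileges.
    # NOTE(review): the subject match is deliberately loose - confirm the
    # expected signer and pin its exact subject or certificate thumbprint.
    foreach ($msi in $agentMsi, $tracerMsi) {
        $sig = Get-AuthenticodeSignature -FilePath $msi
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Datadog*') {
            throw "Refusing to install ${msi}: Authenticode status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'."
        }
    }

    # The API key is passed on the msiexec command line, so it can end up in
    # process-creation audit records that capture command lines and in any
    # installer logging. Restrict who can read those, and rotate the key if
    # they are exposed.
    $agentArgs  = "/qn /i `"$agentMsi`" APIKEY=$apiKey HOSTNAME=`"$agentHost`" TAGS=`"$agentTags`""
    $tracerArgs = "/qn /i `"$tracerMsi`""

    # Install the Agent, then the tracer. msiexec reports failure only through
    # its exit code; 3010 and 1641 mean "succeeded, reboot required/initiated".
    foreach ($installArgs in $agentArgs, $tracerArgs) {
        $proc = Start-Process -FilePath msiexec -ArgumentList $installArgs -Wait -PassThru
        if ($proc.ExitCode -notin 0, 3010, 1641) {
            throw "msiexec exited with code $($proc.ExitCode)."
        }
    }

    # Enable logs and live process
    (Get-Content -Path $datadogYaml -Raw) -replace '# logs_enabled: false', 'logs_enabled: true' |
        Set-Content -Path $datadogYaml

    # Append process_config only once, so re-running the script does not leave
    # a duplicate top-level key in datadog.yaml.
    # NOTE(review): newer Agent 7 releases may expect
    # process_config.process_collection.enabled instead - confirm against the
    # installed version. The Agent must be restarted to pick up these edits.
    if (-not (Select-String -Path $datadogYaml -Pattern '^process_config:' -Quiet)) {
        Add-Content -Path $datadogYaml -Value "`nprocess_config:`n  enabled: true"
    }
}
finally {
    # Delete Datadog agent .msi & .NET tracer .msi, even when a step above failed.
    Remove-Item -Path $workDir -Recurse -Force -ErrorAction SilentlyContinue
}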
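# Configure win32_event_log: write the check configuration (which event types
# and logs to query) and the log-collection entries for the Application,
# Security, System and Setup channels.
#
# NOTE(review): the Security channel carries audit events (logons, privilege
# use). Confirm that shipping it off-host fits your data-handling policy, and
# that the account the Agent runs as is allowed to read the Security log
# (presumably via the Event Log Readers group - verify).
$eventLogDir  = 'C:\ProgramData\Datadog\conf.d\win32_event_log.d'
$eventLogConf = Join-Path $eventLogDir 'conf.yaml'

# Single-quoted here-string: written literally, no variable or backtick expansion.
# YAML is indentation-sensitive, so the nesting below is significant.
# The repeated "Information" and "Application" list entries were dropped; they
# were exact duplicates.
$eventLogYaml = @'
init_config:
instances:
  - type:
      - Information
      - Critical
      - Error
      - Warning
      - Audit Failure
      - Audit Success
    log_file:
      - Application
      - System
      - Security
      - Setup
      - Symantec Endpoint Protection Client
logs:
  - type: windows_event
    channel_path: Application
    source: Application
    service: Application
    sourcecategory: windowsevent
  - type: windows_event
    channel_path: Security
    source: Security
    service: Security
    sourcecategory: windowsevent
  - type: windows_event
    channel_path: System
    source: System
    service: System
    sourcecategory: windowsevent
  - type: windows_event
    channel_path: Setup
    source: Setup
    service: Setup
    sourcecategory: windowsevent
'@

# Create the check directory if the install did not, then write the file with
# an explicit UTF-8 encoding: the ">" redirection used originally writes
# UTF-16 under Windows PowerShell 5.1.
New-Item -ItemType Directory -Path $eventLogDir -Force | Out-Null
Set-Content -Path $eventLogConf -Value $eventLogYaml -Encoding UTF8
# The Agent must be restarted before it reads this configuration.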