I'm using the deploy.bat and update.bat you packaged with the add-on, but I get errors if I run them from an admin command prompt. It still appears to work with the install. Any ideas why the errors still occur?
C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-Sysmon-deploy\bin>update.bat
| was unexpected at this time.
then the update:
Fri 07/06/2018-16:43:19.28 The SplunkUniversalForwarder is installed at C:\Program Files\SplunkUniversalForwarder
Fri 07/06/2018-16:43:19.28 Checking for Sysmon
1
Fri 07/06/2018-16:43:19.28 Sysmon found, checking version
Fri 07/06/2018-16:43:19.28 Sysmon binary is outdated, un-installing
Stopping Sysmon.
Sysmon stopped.
Sysmon removed.
Stopping SysmonDrv..
SysmonDrv stopped.
SysmonDrv removed.
Removing service files.
Fri 07/06/2018-16:43:19.28 Sysmon not found, proceding to install
Fri 07/06/2018-16:43:19.28 Copying the latest config file
0% copied
100% copied 1 file(s) copied.
Fri 07/06/2018-16:43:19.28 Installing Sysmon
Fri 07/06/2018-16:43:19.28 Install failed
Sorry for the late response, but great thanks to @jdhunter for fixing the issue. I'll update the app on SplunkBase right away and incorporate the fix.
I would get the failed result regardless. I had to change the s to uppercase in "Sysmon installed" and that corrected all of the Install Failed messages I was receiving.
deploy.bat
echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" /accepteula -i c:\windows\config.xml | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit
You can use this command. I hope you won't face any error and it'll work as you desired.
You need to correct some mistakes that are causing the error.
/accepteula -> -accepteula
c:\windows\config.xml -> "c:\windows\config.xml"
echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" -accepteula -i "c:\windows\config.xml" | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit
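As an added example, not part of the TA-Sysmon-deploy app or any post above, here is the same install step written so that the result check does not depend on the exact case of the installer's output (the thread's fix was to capitalise the "S" in "Sysmon installed.", which is consistent with `find` being case-sensitive unless `/i` is given). The paths, the `SPLUNKPATH` variable and the log file location are assumptions taken from the command in this thread; adjust them for your deployment.

```batch
@echo off
REM Added example (not the add-on's own deploy.bat): install Sysmon and verify
REM the result with a case-insensitive match and an explicit exit code.
REM Assumptions: SPLUNKPATH is set, sysmon.exe ships in the app's bin folder,
REM and the config lives at C:\Windows\config.xml (placeholder paths).
setlocal
set "SYSMON_EXE=%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe"
set "SYSMON_CFG=C:\Windows\config.xml"
set "LOGFILE=%TEMP%\sysmon-deploy.log"
set "OUTFILE=%TEMP%\sysmon-install-output.txt"

echo %DATE%-%TIME% Installing Sysmon>> "%LOGFILE%"

REM Run the installer with quoted paths and capture stdout+stderr to a file,
REM so the output can be both checked and appended to the log.
"%SYSMON_EXE%" -accepteula -i "%SYSMON_CFG%" > "%OUTFILE%" 2>&1
set "RC=%ERRORLEVEL%"
type "%OUTFILE%" >> "%LOGFILE%"

REM find /i matches "Sysmon installed." regardless of letter case.
find /i "sysmon installed." "%OUTFILE%" >nul
if %ERRORLEVEL% EQU 0 (
    echo %DATE%-%TIME% Install complete!>> "%LOGFILE%"
    endlocal & exit /b 0
)

echo %DATE%-%TIME% Install failed, sysmon.exe exit code %RC%>> "%LOGFILE%"
endlocal & exit /b 1
```

Two design choices worth noting: the installer output goes to a file before it is searched, so a failed install leaves the actual sysmon.exe message in the log instead of only "Install failed"; and the script ends with `exit /b` rather than a bare `exit`, which returns a status to the caller (a deployment wrapper or scheduled task) instead of closing the command processor that ran it.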