Active Directory Auditing

RemyDePoorter · March 1, 2023, 7:25pm

Hello,
I’m new here. I would like to use Graylog 5.0 to audit Windows active directory and send a mail in case of threats.

So I have installed OpenSearch and NXLogs.

I would like to use this package: GitHub - reighnman/Graylog_Content_Pack_Active_Directory_Auditing
But I have an error when importing the json file

How can I solve this?

chris.black-gl · March 1, 2023, 7:29pm

Sorry to be the bearer of bad news, but it’s too old.

“Tested with nxLog/Windows 2008R2 Domain Controllers/Graylog 1.2”

Graylog 1.2 was EOL by 2016. There have been several major changes since then that could render these older content packs obsolete.

gsmith · March 1, 2023, 10:40pm

Perhaps try this see if it works, plus its newer then the one you have.

If not there are work-arounds you could do if you want to keep open version.

system · March 15, 2023, 10:40pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Directory Auditing (WinLogBeats) - Graylog 3.0.2+ Content Pack content-pack	1	6241	August 25, 2022
How to Log Using Active Directory Auditing (WinLogBeat) Graylog Add-ons sidecar , winlogbeat	1	1066	December 25, 2020
Monitoring System Administrators Graylog Central (peer support) sidecar , nxlog , filebeat-linux , filebeat-windows , winlogbeat , nodatanx	10	1804	June 26, 2019
File Access Monitoring on Windows Server Graylog Central (peer support) sidecar , winlogbeat	5	4111	November 4, 2020
Anyone Monitoring Windows Desktops? Graylog Central (peer support) sidecar , winlogbeat	4	1331	October 23, 2018