Build Correlation

tharu85 · May 31, 2017, 1:50pm

I tried to build a correlation using log sources. As per my requirement I need to filter a source_ip address from one log source which has been blocked by IPS and I need to checked that blocked source_ip with another log source, source_ip whether matching attemps are there ?

source:server_a AND status:blocked AND srcip: (should match with) source:server_b AND scrip

Tried several possible logical condition. But unable to create it. Any idea on this are warmly welcome

jan · May 31, 2017, 3:11pm

Maybe this plugin can help you - but with vanilla Graylog that is not possible.

tharu85 · May 31, 2017, 6:07pm

How to I install given plugin in Graylog ?

jan · June 1, 2017, 7:22am

please read the documentation.

system · June 15, 2017, 7:29am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combining Searched Log Outputs Graylog Central (peer support)	1	431	November 27, 2017
Same field answer Graylog Central (peer support)	8	264	February 16, 2023
Graylog with NGINX udp proxy, keep source ip Graylog Central (peer support) pipeline-rules	2	849	November 19, 2020
Graylog v3.3 - simple search with numbers (usually) fail Graylog Central (peer support) pipeline-rules	5	1278	October 16, 2020
Advanced Searches - Graylog Graylog Central (peer support)	1	599	November 15, 2017

Build Correlation

Related topics