Collecting Office365 & AzureAD audit logs using Graylog and Office Audit Collector

Hello,

We have implemented "Collecting Office365 & AzureAD audit logs using Graylog and Office Audit Collector".

Initially, I have scheduled the job in crontab every 10 minutes, but the collecting job generates heavy load on the Graylog server.

Several LINUX-OfficeAuditLogCollector-V2.1 processes generate load over 5 which doesn’t come down anymore. The only help is to reboot the server.

Tasks: 255 total, 5 running, 250 sleeping, 0 stopped, 0 zombie
%Cpu(s): 83.3 us, 0.5 sy, 15.7 ni, 0.0 id, 0.0 wa, 0.4 hi, 0.1 si, 0.0 st
MiB Mem : 7661.0 total, 982.5 free, 4179.2 used, 2811.6 buff/cache
MiB Swap: 3072.0 total, 2031.2 free, 1040.8 used. 3481.8 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
148854 root 20 0 3390676 113352 30708 R 138.9 1.4 45:23.07 /root/OF365Azure-collector/LINUX-OfficeAuditLogCollector-V2.1 c9395c77-f144-4855-982c-97a9a1592bed 99a1fd4a-cb39-41a3-accf-929d6ee0+
119119 root 20 0 3390684 120892 30124 S 137.2 1.5 123:14.45 /root/OF365Azure-collector/LINUX-OfficeAuditLogCollector-V2.1 c9395c77-f144-4855-982c-97a9a1592bed 99a1fd4a-cb39-41a3-accf-929d6ee0+

Changing the interval in crontab to every 20 minutes did not help.

Thanks for any suggestions.
Miloš

Am I understanding correctly that you are using "GitHub - ddbnl/office365-audit-log-collector: Collect / retrieve Office365, AzureAD and DLP audit logs and output to PRTG, Azure Log Analytics Workspace, SQL, Graylog, Fluentd, and/or file output", and when using that you are seeing it have high CPU usage?

If this is the case, this is not code written, maintained, nor supported by Graylog. I suggest reaching out to that developer and/or opening an issue in their GitHub repo.
