Enterprise Audit Setup?


Using Graylog 3.0.2. Just got Enterprise for my company and am trying to set up Audit logs, but the instructions here aren’t clear to me. I understand I should edit the server.conf AND log4j2.xml, but I do not see what specifically in the server.conf needs to be edited. auditlog_log4j_enabled, auditlog_log4j_logger_name, auditlog_log4j_marker_name are not fields that exist in server.conf, do I append them?

(Jan Doberstein) #2

if you want to have the audit logs just in the database that is done automatically.

if you want to have a seperate file you would need to adjust the log4j configuration and ADD the fields to the server.conf.

As this is an additional plugin the server.conf does not hold the settings.