Graylog Active Directory

barfly · July 15, 2022, 9:37am

Hello.
Log collection and analysis from Active Directory.

Collecting logs with winlogbeat ,nxlog,filebeat

I see the logs, but I don’t see account lockouts, for example.
My configuration in NXlog/
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

Module xm_json

Module xm_syslog

Module im_msvistalog
Query

[System[(EventID=6 or EventID=13 or EventID=64 or EventID=65 or EventID=7036)]]

Exec $Message = to_json();

Module om_tcp
Host “my ip”
Port 12201
Exec to_syslog_ietf();

<Route 1>
Path eventlog => out

gsmith · July 15, 2022, 9:59pm

Hello & Welcome @barfly

I’m not sure what’s going on in this post.

Perhaps take a look here

system · August 8, 2022, 6:28am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Windows Event Log - Security Graylog Central (peer support)	3	1979	July 1, 2019
Question on greylog and events from Windows AD controller Graylog Central (peer support)	3	102	February 15, 2024
Graylog shows eventlog from a machine but not IIS logs Graylog Central (peer support) sidecar , nxlog , nodatanx	4	1095	December 24, 2018
Stuck newbie can't search and display Graylog Central (peer support)	3	509	July 9, 2018
Exchange Login Tracking Graylog Central (peer support) sidecar , nxlog , nodatanx	1	1215	September 3, 2018

Graylog Active Directory

Related Topics