Graylog Active Directory

Log collection and analysis from Active Directory.

Collecting logs with winlogbeat ,nxlog,filebeat

I see the logs, but I don’t see account lockouts, for example.
My configuration in NXlog/
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

Module xm_json

Module xm_syslog

Module im_msvistalog

[System[(EventID=6 or EventID=13 or EventID=64 or EventID=65 or EventID=7036)]]

Exec $Message = to_json();

Module om_tcp
Host “my ip”
Port 12201
Exec to_syslog_ietf();

<Route 1>
Path eventlog => out

Hello & Welcome @barfly

I’m not sure what’s going on in this post.

Perhaps take a look here

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.