Graylog log analysis: Active Directory

Hi.
I am trying to collect logs and analyze them with Graylog.
The system:
CentOS Linux 7 (Core)
Graylog
MongoDB
Elasticsearch
Java
Using winlogbeat:

```yaml
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
  hosts: ["my ip address:50443"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
winlogbeat:
  event_logs:
    - name: Application
    - name: System
    - name: Security
```

Filebeat:

```yaml
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
  hosts: ["my ip address:50443"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - C:\logs\log.log
```

NXLog:

```
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

# Windows Event Log input (Application, System, Security by default)
<Input eventlog>
    Module im_msvistalog
</Input>

# Forward to the Graylog server as IETF syslog over TCP
<Output out>
    Module om_tcp
    Host 10.1.56.43
    Port 12201
    Exec to_syslog_ietf();
</Output>

<Route 1>
    Path eventlog => out
</Route>
```

Logs are collected successfully, but I cannot analyze them.
I would like to filter on blocked accounts.

How do I filter logs by event and display them in dashboards?
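The post asks for a filter on blocked accounts. The following is an added example, not code from the original post or from Graylog, of the detection logic that filter has to express: it reads winlogbeat-shaped Security events, keeps only Security-channel events with Event ID 4740 (a user account was locked out) and 4625 (an account failed to log on), extracts the locked account and the workstation that caused the lockout, and builds the search string one would paste into the Graylog search bar. The events, host names and user names are constructed; the Graylog field names winlogbeat_winlog_event_id and winlogbeat_winlog_channel assume the Beats input kept its default winlogbeat_ prefix and are an assumption about this deployment.

```python
"""Filter Windows Security events for locked-out accounts.

Added example: the events below are constructed to look like winlogbeat 7.x
output (winlog.event_id, winlog.channel, winlog.event_data.*) and are not
real logs from the original post.
"""
import json
from collections import Counter

# Windows Security Event IDs that describe a "blocked" account.
EVENT_ACCOUNT_LOCKED_OUT = "4740"  # A user account was locked out
EVENT_LOGON_FAILED = "4625"        # An account failed to log on


def _event(ts, event_id, computer, data, channel="Security"):
    """Build one winlogbeat-shaped event for the constructed sample."""
    return {"@timestamp": ts,
            "winlog": {"channel": channel, "event_id": event_id,
                       "computer_name": computer, "event_data": data}}


# Constructed sample: newline-delimited JSON, one event per line, as winlogbeat writes it.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    _event("2021-03-01T08:00:01Z", "4625", "DC01.corp.example",
           {"TargetUserName": "jdoe", "IpAddress": "10.1.56.200", "LogonType": "3"}),
    _event("2021-03-01T08:00:02Z", "4625", "DC01.corp.example",
           {"TargetUserName": "jdoe", "IpAddress": "10.1.56.200", "LogonType": "3"}),
    # In 4740 the locking workstation is carried in TargetDomainName ("Caller Computer Name").
    _event("2021-03-01T08:00:03Z", "4740", "DC01.corp.example",
           {"TargetUserName": "jdoe", "TargetDomainName": "WS-42", "SubjectUserName": "DC01$"}),
    _event("2021-03-01T08:05:00Z", "4624", "DC01.corp.example",
           {"TargetUserName": "svc_backup", "LogonType": "5"}),
    _event("2021-03-01T08:06:00Z", "4740", "DC02.corp.example",
           {"TargetUserName": "asmith", "TargetDomainName": "LAPTOP-7", "SubjectUserName": "DC02$"}),
    # Same numeric ID from another channel: must not be counted as a lockout.
    _event("2021-03-01T08:07:00Z", "4740", "APP01.corp.example", {}, channel="Application"),
])


def parse_events(ndjson):
    """Parse winlogbeat NDJSON, skipping blank or truncated lines instead of aborting."""
    events = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def is_security_event(event, event_id):
    """True only for the Security channel; event_id may arrive as str or int."""
    w = event.get("winlog", {})
    return w.get("channel") == "Security" and str(w.get("event_id")) == event_id


def lockouts(events):
    """One record per 4740 event: who was locked, from where, and which DC logged it."""
    out = []
    for e in events:
        if not is_security_event(e, EVENT_ACCOUNT_LOCKED_OUT):
            continue
        d = e["winlog"].get("event_data", {})
        out.append({"account": d.get("TargetUserName"),
                    "caller_computer": d.get("TargetDomainName"),
                    "dc": e["winlog"].get("computer_name"),
                    "time": e.get("@timestamp")})
    return out


def failed_logons_per_account(events):
    """Count 4625 events per target account (the usual precursor to a lockout)."""
    counts = Counter()
    for e in events:
        if is_security_event(e, EVENT_LOGON_FAILED):
            counts[e["winlog"].get("event_data", {}).get("TargetUserName", "?")] += 1
    return dict(counts)


def graylog_query(event_id, id_field="winlogbeat_winlog_event_id",
                  channel_field="winlogbeat_winlog_channel"):
    """Search string for the Graylog search bar or a dashboard widget.

    Field names assume the Beats input kept the default 'winlogbeat_' prefix
    (an assumption about this deployment, not something the post confirms).
    """
    return f"{id_field}:{event_id} AND {channel_field}:Security"


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for rec in lockouts(evts):
        print(f"{rec['time']} {rec['account']} locked out from {rec['caller_computer']} (seen on {rec['dc']})")
    print("failed logons:", failed_logons_per_account(evts))
    print("Graylog search:", graylog_query(EVENT_ACCOUNT_LOCKED_OUT))
```

The channel check matters because other Windows logs reuse the same numeric IDs, so a query on the event ID alone over-matches. In Graylog itself the equivalent of `lockouts()` is the search string returned by `graylog_query()` saved as a dashboard widget that aggregates on the TargetUserName field (the exact field name depends on how the input flattens the winlogbeat document, so check it in a stored message first).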

There is an entire section on Dashboards and how to create them in the documentation here. Does that help?
