Hi.
Trying to collect logs and analyze them with Graylog.
Using the system:
CentOS Linux 7 (Core)
Graylog
MongoDB
Elasticsearch
Java
Using winlogbeat:

```yaml
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
  hosts: ["my ip address:50443"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
winlogbeat:
  event_logs:
    - name: Application
    - name: System
    - name: Security
```
Filebeat:

```yaml
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
  hosts: ["my ip address:50443"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
  - windows
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - C:\logs\log.log
```
NXLog:

```
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# The block tags were lost when the config was pasted; the "eventlog" and "out"
# names are taken from the Route below, the extension names are assumed.
<Extension json>
    Module xm_json
</Extension>

<Extension syslog>
    Module xm_syslog
</Extension>

<Input eventlog>
    Module im_msvistalog
</Input>

<Output out>
    Module om_tcp
    Host   10.1.56.43
    Port   12201
    Exec   to_syslog_ietf();
</Output>

<Route 1>
    Path eventlog => out
</Route>
```
Logs are collected successfully, but I cannot analyze them.
I would like to filter for blocked accounts.
How do I filter logs by event and display them in dashboards?
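The filter the question asks for, written out as an added example that is not part of the original post or of Graylog: it takes log lines in a winlogbeat-like JSON shape, keeps only Windows Security event 4740 ("A user account was locked out"), and counts lockouts per account, which is the aggregation a dashboard widget would display. The sample lines are constructed, and the field names `winlog.event_id`, `winlog.channel` and `winlog.event_data.TargetUserName` are an assumption about the message shape, not something the post confirms.

```python
import json
from collections import Counter

# Windows Security event "A user account was locked out".
ACCOUNT_LOCKOUT_EVENT_ID = "4740"

# Constructed sample lines in a winlogbeat-like JSON shape (not real data).
# The field names winlog.event_id / winlog.event_data.TargetUserName are an
# assumption about the shape; check an actual message in Graylog first.
SAMPLE_EVENTS = [
    json.dumps({"@timestamp": "2024-01-10T08:01:00Z",
                "winlog": {"channel": "Security", "event_id": 4740,
                           "event_data": {"TargetUserName": "jdoe",
                                          "TargetDomainName": "CORP"}}}),
    json.dumps({"@timestamp": "2024-01-10T08:02:00Z",
                "winlog": {"channel": "Security", "event_id": 4624,  # logon, not a lockout
                           "event_data": {"TargetUserName": "jdoe",
                                          "TargetDomainName": "CORP"}}}),
    json.dumps({"@timestamp": "2024-01-10T08:03:00Z",
                "winlog": {"channel": "Security", "event_id": "4740",  # id as string
                           "event_data": {"TargetUserName": "asmith",
                                          "TargetDomainName": "CORP"}}}),
    json.dumps({"@timestamp": "2024-01-10T08:04:00Z",
                "winlog": {"channel": "Security", "event_id": 4740,
                           "event_data": {"TargetUserName": "jdoe",
                                          "TargetDomainName": "CORP"}}}),
    "this line is not JSON",  # malformed input must be skipped, not crash the filter
]


def parse_event(line):
    """Return the decoded event dict, or None for lines that are not valid JSON objects."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def is_account_lockout(event):
    """True when the event is a Security-channel 4740 (account locked out)."""
    winlog = event.get("winlog") or {}
    # event_id may arrive as int or string depending on shipper version; normalise.
    return (winlog.get("channel") == "Security"
            and str(winlog.get("event_id", "")) == ACCOUNT_LOCKOUT_EVENT_ID)


def locked_account_name(event):
    """DOMAIN\\user of the locked-out account, with '?' where a field is missing."""
    data = event["winlog"].get("event_data") or {}
    return f"{data.get('TargetDomainName', '?')}\\{data.get('TargetUserName', '?')}"


def lockout_counts(lines):
    """Count lockout events per account: the aggregation a dashboard widget shows."""
    counts = Counter()
    for line in lines:
        event = parse_event(line)
        if event is None or not is_account_lockout(event):
            continue
        counts[locked_account_name(event)] += 1
    return counts


def top_locked_accounts(lines, n=5):
    """Most frequently locked-out accounts, highest count first."""
    return lockout_counts(lines).most_common(n)


if __name__ == "__main__":
    for account, count in top_locked_accounts(SAMPLE_EVENTS):
        print(f"{account}: {count} lockout(s)")
```

Inside Graylog the same two steps are a search that restricts on the field holding the event ID (4740 for lockouts) and a dashboard widget that aggregates that search on the target user field. The exact field names depend on the Beats input and the winlogbeat version that produced the message, so open one real lockout message in the search view and read the field names from it before building the widget.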