Graylog N00b- Sidecar/Winlogbeat config- Event ID 4625

TuscanySteve · August 21, 2019, 5:36pm

Hello all;

So, I’m using GL 3.1.0 and the new Sidecar to capture all SYS/APP/SEC logs from 18 servers; which is great but I’d like to configure an instance Sidecar for a single event id- 4625, failed logon attempt to meet regulations. Being new to this realm, I’m overwhelmed on how to do so. My thanks in advance!

system · September 4, 2019, 5:47pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sidecar eventid 4740 (Account locked out) is not forwarded to graylod Graylog Central (peer support) pipeline-rules	5	802	October 3, 2022
Winlogbeat drop_event.when.not.or: not working - Sidecar Version 1.5, Graylog 5.2 Graylog Central (peer support) sidecar , winlogbeat	4	771	December 11, 2023
Sidecar + WinLogBeat: Problem with JSON? Graylog Central (peer support) sidecar , winlogbeat	1	875	August 3, 2017
Winlogbeat "publishes" fine but specific events aren't seen in Graylog Graylog Central (peer support) sidecar , winlogbeat	1	1064	April 13, 2021
Graylog Sidecar Graylog Central (peer support) sidecar , nxlog , filebeat-windows , winlogbeat , nodatanx	7	2342	May 21, 2020

Graylog N00b- Sidecar/Winlogbeat config- Event ID 4625

Related topics