Graylog N00b- Sidecar/Winlogbeat config- Event ID 4625

Hello all;

So, I’m using GL 3.1.0 and the new Sidecar to capture all SYS/APP/SEC logs from 18 servers; which is great but I’d like to configure an instance Sidecar for a single event id- 4625, failed logon attempt to meet regulations. Being new to this realm, I’m overwhelmed on how to do so. My thanks in advance!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.