Graylog Office 365

Could someone point me to any guidance on collecting logs from Office 365 into Graylog?

take a look,

What a clever answer.

I’ve obviously done that and not found any official guidance, only an unsupported script that doesn’t work any more.

Any other fantastic insights?

I spent the same time with answering what you spent with the question…

I hope it point to we need a bit more information to help.
So if you write what you did maybe it can help us, to give suggestion.

remote syslog server settings in office 365 (I don’t use 365, so I’m not sure it is what you want)

second google hit.

That one isn’t Graylog-specific either, and is only for Arcsight. I know there’s a way of forwarding logs from 365 to any log collector as I’ve done it before with another siem product. That product had a specific 365 listener, normaliser and documentation on how to set it up though which graylog doesn’t appear to have

In response for ‘what I did’ - nothing yet. I’m trying to find documentation or official guidance on how to get 365 logs into Graylog. I’m not sure what extra information I can give…

I saw CEF (Common Event Format) format also, and graylog knows a lot of CEF format. Try it.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.