Graylog Tutorials?

Does anyone know some resources for Graylog tutorials? I graduated 4 months ago and the company I got hired with uses Graylog. My boss says, “Go verify that $user hasn’t been up to anything fishy like exfiltrating company data.” All I have is a monitoring dashboard set up by our senior sysadmin before he was fired and some streams with names like “IDS Events” etc. I’ve read Graylog’s setup guides but that really hasn’t helped. I’m absolutely willing to put in the screen time to get up to speed, I just haven’t found any good resources yet. Thanks!

The problem we have, @LinuxNoob, is that we do not know how your data is already normalized and enriched. You ask how to search and compare your data, but how this data looks has a massive influence on how you can work with it.

Even the kind of IDS you have might behave differently from what others have.

My advice, look into the logs you have. Look for the dashboards and streams that are already prepared. Then explore the data.

http://docs.graylog.org/en/2.4/pages/queries.html
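As an added illustration of the advice above (this is not code from the thread or from the Graylog project), the script below shows the two things the original poster needs once they have looked at what fields their streams actually carry: building a Graylog search query in the Lucene-style syntax the linked queries page documents, and summarising the returned messages per destination so that an unusually large outbound volume for one user stands out. The field names `user`, `dst_host` and `bytes_out`, the sample messages, and the Graylog base URL are assumptions; real field names depend on how the senior sysadmin set up extractors and pipelines. The REST call uses the Graylog 2.x `search/universal/relative` endpoint with an API token as HTTP basic-auth username and the literal password `token`.

```python
"""Exfiltration review helpers for Graylog (added example, not project code).

Assumed fields: user, dst_host, bytes_out, timestamp. Adjust to your data.
"""
import base64
import json
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlencode
from urllib.request import Request, urlopen


def _phrase(value):
    """Escape a value for use inside a quoted Graylog search term."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def build_query(user, min_bytes=None, exclude_hosts=()):
    """Return a Graylog query string: messages for one user, optionally only
    those above a byte threshold and not going to known-internal hosts."""
    parts = [f'user:"{_phrase(user)}"']
    if min_bytes is not None:
        parts.append(f"bytes_out:>{min_bytes}")          # numeric range term
    for host in exclude_hosts:
        parts.append(f'NOT dst_host:"{_phrase(host)}"')   # drop expected targets
    return " AND ".join(parts)


def search_url(base_url, query, seconds, fields=(), limit=500):
    """Build the URL for a relative-time search over the last `seconds`."""
    params = {"query": query, "range": seconds, "limit": limit}
    if fields:
        params["fields"] = ",".join(fields)
    return f"{base_url.rstrip('/')}/api/search/universal/relative?{urlencode(params)}"


def run_search(base_url, api_token, query, seconds, fields=()):
    """Execute the search against a live Graylog server (network call)."""
    cred = base64.b64encode(f"{api_token}:token".encode()).decode()
    req = Request(search_url(base_url, query, seconds, fields),
                  headers={"Authorization": f"Basic {cred}", "Accept": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(response, user):
    """Total bytes_out and message count per destination host for one user,
    largest first, from a Graylog search response."""
    totals = defaultdict(lambda: [0, 0])
    for entry in response.get("messages", []):
        msg = entry.get("message", {})
        if msg.get("user") != user:
            continue
        row = totals[msg.get("dst_host", "<unknown>")]
        row[0] += int(msg.get("bytes_out", 0))
        row[1] += 1
    return sorted(((h, b, n) for h, (b, n) in totals.items()),
                  key=lambda t: t[1], reverse=True)


def off_hours(response, user, start_hour=8, end_hour=18):
    """Messages for `user` with a timestamp outside the given working hours."""
    hits = []
    for entry in response.get("messages", []):
        msg = entry.get("message", {})
        if msg.get("user") != user:
            continue
        ts = datetime.strptime(msg["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        if not start_hour <= ts.hour < end_hour:
            hits.append(msg)
    return hits


# Constructed sample response in the shape Graylog returns; not real data.
SAMPLE_RESPONSE = json.loads("""
{"messages": [
 {"message": {"timestamp": "2018-05-01T09:00:00.000Z", "user": "jdoe",
              "dst_host": "mail.example.com", "bytes_out": 120000}},
 {"message": {"timestamp": "2018-05-01T09:05:00.000Z", "user": "jdoe",
              "dst_host": "drive.example.net", "bytes_out": 850000000}},
 {"message": {"timestamp": "2018-05-01T21:40:00.000Z", "user": "jdoe",
              "dst_host": "drive.example.net", "bytes_out": 1200000000}},
 {"message": {"timestamp": "2018-05-01T10:00:00.000Z", "user": "jdoe",
              "dst_host": "fileserver.corp.example", "bytes_out": 400000000}},
 {"message": {"timestamp": "2018-05-01T10:30:00.000Z", "user": "asmith",
              "dst_host": "drive.example.net", "bytes_out": 5000000}}
]}""")


if __name__ == "__main__":
    q = build_query("jdoe", min_bytes=1000000, exclude_hosts=["fileserver.corp.example"])
    print("query:", q)
    print("url:  ", search_url("https://graylog.example:9000", q, 7 * 86400,
                               fields=("timestamp", "user", "dst_host", "bytes_out")))
    for host, total, count in summarize(SAMPLE_RESPONSE, "jdoe"):
        print(f"{host:28s} {total:>14,d} bytes in {count} messages")
    for m in off_hours(SAMPLE_RESPONSE, "jdoe"):
        print("off-hours:", m["timestamp"], m["dst_host"], m["bytes_out"])
```

Run it without arguments to see the query string and the summary over the constructed sample; swap `SAMPLE_RESPONSE` for the result of `run_search(...)` once you know which stream and fields hold your proxy or firewall data. A per-destination total is a starting point, not a verdict: compare it against the same user's normal baseline and the "IDS Events" stream before drawing conclusions.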

That’s also a problem for me. I didn’t set any of this up and the person that did is gone. Thank you for the advice though!
