Grok for auth.log

does someone someone have a complete GROK to parse the auth.log?

Which auth.log do you mean, please be more specific.

on debian-(based)-systems /var/log/auth.log

Maybe you can use filebeat as a example:

1 Like

ok thanks… I’ll try that…
but its sad that graylog doesn’t have standard build-in things… (like auth.log, apache-access/error.log, etc… )

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.