Group Membership logs

tfed · February 20, 2019, 8:29pm

We are not getting any logs for group membership changes. We are using the AD content pack and we don’t have any matching event id’s in our windows logs EventID:631 OR EventID:635 OR EventID:658 OR EventID:4727 OR EventID:4731 (Group Creation). None of the other group logs are coming through either. I have made sure the audit policy changes are applied. Any ideas?

jan · February 21, 2019, 8:40am

how did you collect the logs? How is the collector configured?

Totally_Not_A_Robot · February 21, 2019, 11:57am

Just to ask the silly questions first:

I assume you’re collecting the logs on all AD controllers, right?
How are you collecting these logs? (like Jan asked)
Are other logs from all AD controllers coming in?

First up, make sure that all AD DCs are logging into Graylog properly.

system · March 7, 2019, 11:57am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Any up to date info on Graylog 4x and logging of active directory (Win 2016 functional level)? Graylog Central (peer support)	40	1438	February 8, 2022
New greylog references of the new version Graylog Central (peer support)	2	485	December 2, 2022
Filter "AND NOT IN" Graylog Central (peer support)	3	599	September 7, 2018
Active directory Logs Graylog Central (peer support)	2	219	November 14, 2023
Graylog 3 AD Dashboard Graylog Central (peer support)	2	389	November 22, 2022

Group Membership logs

Related Topics