Log Integration (Imperva / Incapsula logs to Graylog)

I have set up the Graylog server to receive logs from Imperva WAF. Imperva is communicating with the Graylog server.

However, I cannot continue to configure the Graylog server to get inputs/logs from Imperva, because the help on the Imperva blog site is outdated - https://www.imperva.com/blog/imperva-cloud-waf-and-graylog-part-ii-how-to-collect-and-ingest-siem-logs/

Legacy “collectors” are used instead of sidecars, and the content pack input is for Graylog 3.x while the new version of Graylog installed is 4.x.

Please help with the latest documentation or advice to configure Graylog 4.2.1 to get logs from Imperva, and how to get the latest content pack.

Configure the Output and Input of the collectors or Sidecar

Configure a New Log Collector in Graylog

Configure sidecar collector

Creating Log Inputs and Extractors with Incapsula

Download the correct Incapsula SIEM package for Graylog from GitHub and get the latest .json file for Graylog 4.x

Hello && Welcome

You need to acquire information from the Graylog Original Documentation first. Third-party instructions can be misleading, especially outdated ones.

As for your questions:

I believe this Documentation below is what you need to get a better understanding.

Getting Started With Graylog

If you have any troubles/questions while executing Graylog docs during your install, you can ask questions here and we would be able to help.

Please take note on the template that pops up when creating a post that is to help us, help you.

The post below may help for a better understanding of what’s needed prior to posting in the forum.

–Thanks and Hope that helps

so patient… :upside_down_face: … so patient…
