Making the most of Graylog

Hi all,
I have Graylog in my infrastructure and quite like it. We have just routers, SWs, FWs, servers and clients.
What I am actually doing is just collecting the logs. I have also set some streams and alerts and have cool dashboards, but this is not enough for me! I also receive alerts, but I would like to do more, for example log analysis, rootkit/malware detection or any malicious activity.

Please share your experiences with me.

Thank you
