Hello,
I am trying to follow this:
https://www.graylog.org/post/back-to-basics-enhance-windows-security-with-sysmon-and-graylog
So, I enabled the “Threat Intelligence” plugin.
My input is like that:
My stream is OK, so I created the pipeline:
But it does nothing:
And my fields are not renamed:
Maybe I forgot something?
Thank you.
Hi!
I’d check the execution order in Message Processors Configuration. If the Pipeline Processor has a lower number than the Message Filter Chain, that means its operations are executed before the input itself is divided into streams. Hence no changes.
1 Like
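The ordering problem described in the reply above, as a toy model (an added example, not part of the original thread and not Graylog code). The stream name `Sysmon`, the field names and the rename rule are constructed for illustration; it assumes the pipeline is connected to a stream that is filled by the Message Filter Chain.

```python
# Toy model of the message processor chain discussed in this thread.
# Stream name, field names and the rule are constructed for this example.

def message_filter_chain(msg, stream_rules):
    """Route the message into every stream whose rule matches."""
    for stream, matches in stream_rules.items():
        if matches(msg):
            msg["streams"].add(stream)
    return msg

def pipeline_processor(msg, connections):
    """Run a pipeline only if the message is already in its connected stream."""
    for stream, rule in connections.items():
        if stream in msg["streams"]:
            rule(msg)
    return msg

def rename_rule(msg):
    # Stand-in for a pipeline rule that renames a field.
    if "winlog_event_id" in msg["fields"]:
        msg["fields"]["event_id"] = msg["fields"].pop("winlog_event_id")

def process(raw_fields, order):
    """Push one message through the processors in the configured order."""
    msg = {"fields": dict(raw_fields), "streams": {"All messages"}}
    stream_rules = {"Sysmon": lambda m: m["fields"].get("source_name") == "sysmon"}
    connections = {"Sysmon": rename_rule}
    steps = {
        "Message Filter Chain": lambda m: message_filter_chain(m, stream_rules),
        "Pipeline Processor": lambda m: pipeline_processor(m, connections),
    }
    for name in order:
        steps[name](msg)
    return msg

SAMPLE = {"source_name": "sysmon", "winlog_event_id": 1}  # constructed message

def renamed(order):
    """True if the rename rule fired for the sample message."""
    return "event_id" in process(SAMPLE, order)["fields"]

if __name__ == "__main__":
    print("pipeline first:", renamed(["Pipeline Processor", "Message Filter Chain"]))
    print("pipeline last: ", renamed(["Message Filter Chain", "Pipeline Processor"]))
```

With the pipeline first, the message still ends up in the stream, but the rule has already been skipped, which matches the symptom of a healthy stream with unrenamed fields.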
Hello, thank you for the answer.
I have this:
So I suppose that’s the problem, because Pipeline is 3 and Message is 4.
Maybe you know how I can switch the order?
Thank you.
Yeah, that’s it. Just click update and change the order. Pipeline should be the last, then it’ll be executed after the streams have been formed.
OK, I switched.
But the pipeline is still at 0 msg/s.
Thank you for the suggestion, but maybe I have another mistake.
Maybe. Anyway, I’d recommend checking whether the fields are actually renamed, as the msg/s indicator just shows how much it processes at the moment.
Damn, that works! I just needed to restart rsyslog-server!
Thank you so much!
Glad to hear! You’re welcome!
1 Like
Closed by system on June 12, 2019, 2:57pm.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.