Question about implementing Graylog

I plan to set up a Graylog server in my company.

I have established a few parameters, and I also have a few questions to make sure I am heading in the right direction:

For the hardware configuration of the machine, I found what I needed; I set the disk size to 60 GB because I don't really know how the growth will evolve.

I planned to monitor the following logs:

- For WINDOWS machines: GELF UDP format, with NXLOG to send the logs
  • logs on authentications and connection failures
  • shutdowns of Windows VMs
    - for Active Directory, an alert when a user account is locked

- LINUX: UDP syslog format
  • SSH connections
  • Are there other parameters to monitor?

- FIREWALL: UDP syslog format
  • VPN connection success and failure tracking

- SWITCH: what format?
  • SSH connections
    - How to monitor and detect network loops via Graylog?
    - How to send switch logs to a Graylog server? NXLog? syslog?

How do I configure NXLog easily?

Why collect logs over UDP or TCP? What is the difference, and why is UDP used more than TCP?

What is the important difference between GELF and syslog? Is it possible to collect Stormshield/Linux logs in GELF format?

Thank you
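The following is an added illustration and is not part of the original post, nor code from Graylog or NXLog. It addresses the GELF-versus-syslog and UDP questions above by building a GELF 1.1 message for a constructed Windows logon-failure event, splitting it into GELF UDP chunks the way a sender must when the payload exceeds one datagram, and reassembling it the way a receiver must (dropping the whole message if any chunk is lost, which is the practical cost of UDP). The same event is also rendered as an RFC 5424 syslog line for comparison. The host name, event fields and the 1420-byte chunk size are assumptions for the example.

```python
"""GELF 1.1 over UDP: build, chunk, reassemble; plus a syslog line for contrast.

Added example (not from the original post, Graylog or NXLog). It follows the
published GELF 1.1 wire format: JSON payload, optional gzip, and for chunked
UDP a 12-byte header of magic 0x1e 0x0f, 8-byte message id, sequence number
and sequence count (at most 128 chunks). All sample data is constructed.
"""
import gzip
import json
import os
import time

GELF_CHUNK_MAGIC = b"\x1e\x0f"
MAX_CHUNKS = 128


def build_gelf(host, short_message, level=6, full_message=None, **extra):
    """Return a GELF 1.1 JSON payload as bytes.

    version, host and short_message are mandatory. Additional fields are
    prefixed with '_' and '_id' is reserved by Graylog, so it is rejected.
    level is a syslog severity (6 = informational, 4 = warning).
    """
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": round(time.time(), 3),
        "level": level,
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for key, value in extra.items():
        if key == "id":
            raise ValueError("'_id' is reserved by Graylog")
        msg["_" + key] = value
    return json.dumps(msg).encode()


def chunk_gelf(payload, chunk_size=1420, compress=True):
    """Split a payload into GELF UDP datagrams.

    chunk_size (assumed 1420) is payload bytes per chunk; with the 12-byte
    chunk header this stays inside a typical 1500-byte Ethernet MTU.
    A payload that already fits is returned as a single unchunked datagram.
    """
    data = gzip.compress(payload) if compress else payload
    if len(data) <= chunk_size:
        return [data]
    pieces = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    if len(pieces) > MAX_CHUNKS:
        raise ValueError("GELF allows at most 128 chunks per message")
    message_id = os.urandom(8)  # must be unique per message, random is fine
    return [
        GELF_CHUNK_MAGIC + message_id + bytes([seq, len(pieces)]) + piece
        for seq, piece in enumerate(pieces)
    ]


def reassemble_gelf(datagrams):
    """Turn received datagrams (any order) into parsed GELF dicts.

    Chunks are grouped by message id and ordered by sequence number. A
    message with a missing chunk is dropped: UDP gives no retransmission,
    so one lost chunk loses the whole event.
    """
    pending, counts, complete = {}, {}, []
    for dgram in datagrams:
        if dgram[:2] == GELF_CHUNK_MAGIC and len(dgram) >= 12:
            msg_id, seq, count = dgram[2:10], dgram[10], dgram[11]
            pending.setdefault(msg_id, {})[seq] = dgram[12:]
            counts[msg_id] = count
        else:
            complete.append(dgram)  # unchunked message
    for msg_id, chunks in pending.items():
        count = counts[msg_id]
        if len(chunks) != count:
            continue  # incomplete, discard
        complete.append(b"".join(chunks[i] for i in range(count)))
    out = []
    for data in complete:
        if data[:2] == b"\x1f\x8b":  # gzip magic
            data = gzip.decompress(data)
        out.append(json.loads(data))
    return out


def syslog_line(host, app, message, severity=6, facility=1, timestamp="-"):
    """RFC 5424 rendering of an event: PRI = facility*8 + severity, then one
    flat text line. Any structure must be parsed out again on the server,
    whereas GELF carries typed fields in JSON."""
    pri = facility * 8 + severity
    return f"<{pri}>1 {timestamp} {host} {app} - - - {message}"


if __name__ == "__main__":
    # Constructed sample: a Windows 4625 logon failure as NXLog might ship it.
    payload = build_gelf("WIN-DC01", "An account failed to log on", level=4,
                         full_message="Logon Type: 3 " * 60,
                         EventID=4625, TargetUserName="jdoe")
    dgrams = chunk_gelf(payload, chunk_size=100, compress=False)
    print(len(dgrams), "chunks ->", reassemble_gelf(dgrams)[0]["_EventID"])
    print(syslog_line("WIN-DC01", "nxlog", "An account failed to log on", 4))
```

The small chunk size in the demo only forces chunking on a short event; in practice the gzip path and a near-MTU chunk size keep most events in a single datagram, and an event large enough to chunk is where UDP delivery loss starts to hurt.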
