I plan to set up a Graylog server in my company.
I've established a few parameters, and I also have a few questions to make sure I'm heading in the right direction:
For the hardware configuration of the machine, I found what I needed. I set the disk size to 60 GB because I don't really know how the growth will evolve.
I plan to collect the following logs:
- WINDOWS machines: GELF UDP format, with NXLog to send the logs
  - authentication and connection-failure logs
  - shutdowns of Windows VMs
- Active Directory: an alert when a user account is locked
- LINUX: UDP syslog format
Are there other parameters to monitor?
- FIREWALL: UDP syslog format
  - VPN connection success and failure tracking
- SWITCH: what format?
  - How to monitor and detect network loops via Graylog?
  - How to send switch logs to a Graylog server? NXLog? syslog?
- How to configure NXLog easily?
- Why collect logs over UDP or TCP, what is the difference, and why is UDP used more than TCP?
- What is the important difference between GELF and syslog? Is it possible to collect Stormshield/Linux logs in GELF format?
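To make the GELF-versus-syslog and UDP questions in the post concrete, here is an added Python example (not part of the original post, and not Graylog or NXLog code) that builds both kinds of message the way a sender would put them on the wire. A GELF message is a JSON object (`version`, `host`, `short_message`, `timestamp`, `level`, plus any number of custom fields prefixed with `_`), gzip-compressed for UDP and split into chunks with a 12-byte header (`0x1e 0x0f`, an 8-byte message id, sequence number, sequence count, at most 128 chunks) when it does not fit in one datagram. A classic BSD syslog line (RFC 3164) is a flat `<PRI>TIMESTAMP HOST TAG: MSG` string whose fields the receiver has to carve out with a parser or extractor. The hostnames, tag, event ID and message text are constructed sample values; the 8192-byte chunk size is an assumption matching a common UDP datagram limit, and real deployments often pick a smaller value to avoid IP fragmentation. Nothing is sent over the network; the datagrams are built and decoded locally.

```python
import gzip
import json
import os
import time

GELF_CHUNK_MAGIC = b"\x1e\x0f"
CHUNK_HEADER_LEN = 12                     # magic(2) + message id(8) + seq(1) + count(1)
MAX_DATAGRAM = 8192                       # assumption: typical UDP chunk size
MAX_CHUNK_PAYLOAD = MAX_DATAGRAM - CHUNK_HEADER_LEN


def build_gelf(host, short_message, level=6, **extra):
    """Build a GELF 1.1 message dict. Custom fields are prefixed with '_' as GELF requires."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": round(time.time(), 3),
        "level": level,                   # syslog severity: 4 = warning, 6 = informational
    }
    for key, value in extra.items():
        msg[key if key.startswith("_") else "_" + key] = value
    return msg


def gelf_udp_datagrams(msg, chunk_payload=MAX_CHUNK_PAYLOAD):
    """Serialize + gzip a GELF message; chunk it when it exceeds one datagram."""
    payload = gzip.compress(json.dumps(msg).encode("utf-8"))
    if len(payload) <= chunk_payload:
        return [payload]                  # single datagram, starts with gzip magic 1f 8b
    pieces = [payload[i:i + chunk_payload] for i in range(0, len(payload), chunk_payload)]
    if len(pieces) > 128:
        raise ValueError("GELF allows at most 128 chunks per message")
    message_id = os.urandom(8)            # must be unique per message so the receiver can group chunks
    return [GELF_CHUNK_MAGIC + message_id + bytes([seq, len(pieces)]) + piece
            for seq, piece in enumerate(pieces)]


def reassemble_gelf(datagrams):
    """Decode a GELF message from its datagrams; chunks may arrive in any order."""
    if not datagrams[0].startswith(GELF_CHUNK_MAGIC):
        return json.loads(gzip.decompress(datagrams[0]))
    parts, total = {}, None
    for d in datagrams:
        if not d.startswith(GELF_CHUNK_MAGIC):
            raise ValueError("mixed chunked and unchunked datagrams")
        seq, total = d[10], d[11]
        parts[seq] = d[CHUNK_HEADER_LEN:]
    if len(parts) != total:               # UDP gives no retransmission: a lost chunk loses the whole message
        raise ValueError(f"missing chunks: have {len(parts)} of {total}")
    return json.loads(gzip.decompress(b"".join(parts[i] for i in range(total))))


def build_syslog_3164(host, tag, message, facility=4, severity=6):
    """Classic BSD syslog line: <PRI>TIMESTAMP HOST TAG: MSG (PRI = facility*8 + severity)."""
    pri = facility * 8 + severity
    ts = time.strftime("%b %d %H:%M:%S")  # RFC 3164 pads the day with a space; %d is close enough here
    return f"<{pri}>{ts} {host} {tag}: {message}".encode("utf-8")


def parse_syslog_3164(line):
    """Carve the fields back out of a BSD syslog line, as a Graylog extractor would have to."""
    text = line.decode("utf-8")
    pri_end = text.index(">")
    pri = int(text[1:pri_end])
    rest = text[pri_end + 1:]
    timestamp, remainder = rest[:15], rest[16:]
    host, tag_and_msg = remainder.split(" ", 1)
    tag, message = tag_and_msg.split(": ", 1)
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": timestamp,
            "host": host, "tag": tag, "message": message}


if __name__ == "__main__":
    # Constructed sample: a Windows failed logon (4625 is the Windows failed-logon event ID).
    gelf = build_gelf("win-dc01", "An account failed to log on", level=4,
                      event_id=4625, target_user="alice")
    print(gelf_udp_datagrams(gelf)[0][:2].hex(), "-> gzip magic, single datagram")
    print(reassemble_gelf(gelf_udp_datagrams(gelf)))
    # Constructed sample: a firewall VPN line as plain syslog.
    line = build_syslog_3164("fw01", "vpn", "user=alice result=failure")
    print(line)
    print(parse_syslog_3164(line))
```

The GELF side arrives in Graylog already structured (`_event_id`, `_target_user` become searchable fields with no extractor), which is the practical difference from the syslog line, where everything after the tag is one free-text field until you write a parser. The chunking and the `missing chunks` error also show why UDP is cheap but lossy: the sender never learns a chunk was dropped. Over GELF TCP there is no chunking and no compression; each JSON message is simply terminated by a null byte, and the connection itself reports delivery failure.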