Send WordPress server audit logs to Graylog

(ege) #1

Hello everyone,

I’ve asked this question before, but for some reasons I can’t manage that topic, so I think a fresh topic will be more useful for everyone.

I have Graylog2 on my CentOS 7 server, and I can now collect all log data with this server.

I have also just finished a WordPress server on another server (both servers are in the same network). I need to send these audit logs to my Graylog2 server and monitor them.

How can I do it?

Note: I have root privileges on both servers.

If you need any information from my servers, I will check here at certain intervals.

(Jochen) #2

You also didn’t reply to the questions in Send Wordpress audit logs to Graylog

(ege) #3

Yes, as I said, because of some personal reasons I can’t work :frowning:

(Philipp Ruland) #4

Hey @egetkn,

How about answering the questions now? :slight_smile:

(ege) #5

Sure :slight_smile:

I think it is stored somewhere inside the WordPress files or in the database of the WordPress server. I can use a bash script to reach WordPress or I can find a way; this is the easy part, actually :slight_smile:. I need to find out a way to send it. Here is my WordPress admin panel, and you can see the audit part on the left of the screen.

(Jochen) #6

If you have access to the audit log entries, you can use any format and protocol Graylog supports, such as GELF, Syslog (RFC 5424), or new-line separated plaintext, to send them to Graylog and process them further.

(ege) #7

The question is how I will reach the WordPress log files, and the config file of these logs has no IP addressing module. For example, in rsys logs, there are some settings with which I can send them to a specific IP address and port, but in this case there is nothing like this :frowning:

(Jochen) #8

What does that mean exactly? Please elaborate.

(ege) #9

So here is the deal:

Finally, I could find where WordPress stores its logs :slight_smile: They are in a MySQL database, and now I need to send them to Graylog :slight_smile:.

As you can see from the SS, the audit collects logs like this. My final question is: how can I import this database log into the Graylog2 server?

Thanks for help :slight_smile:

(Jochen) #10

You could use Logstash with its JDBC input and GELF output for this.
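The flow discussed in this thread (poll the audit table for new rows, turn each row into a GELF message, send it to a Graylog GELF input), written out in plain Python instead of Logstash. This is an added example, not part of any post and not Graylog or Logstash code. The table name `wp_audit_log`, its columns, the host name `wordpress01` and the sample rows are assumptions, and an in-memory SQLite database stands in for the WordPress MySQL database so the block runs offline.

```python
import json
import socket
import sqlite3

# Assumed table and columns; check your audit plugin's real schema.
QUERY = ("SELECT id, created_on, username, client_ip, event "
         "FROM wp_audit_log WHERE id > ? ORDER BY id")  # MySQL drivers use %s, not ?

def row_to_gelf(row, source_host):
    """Map one audit row to a GELF 1.1 message (custom fields start with '_')."""
    rid, created_on, username, client_ip, event = row
    return {
        "version": "1.1",
        "host": source_host,
        "short_message": event,
        "timestamp": float(created_on),  # seconds since the epoch
        "level": 6,                      # syslog severity: informational
        "_audit_id": rid,
        "_wp_user": username,
        "_client_ip": client_ip,
    }

def ship(conn, last_id, send, source_host="wordpress01"):
    """Send every row newer than last_id and return the new checkpoint."""
    for row in conn.execute(QUERY, (last_id,)):
        send(json.dumps(row_to_gelf(row, source_host)).encode("utf-8"))
        last_id = row[0]
    return last_id

def udp_sender(host, port=12201):
    """Return a send() for a Graylog GELF UDP input (uncompressed, unchunked)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda payload: sock.sendto(payload, (host, port))

def demo():
    """Run against constructed rows in an in-memory SQLite stand-in for MySQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_audit_log (id INTEGER PRIMARY KEY, created_on INTEGER,"
                 " username TEXT, client_ip TEXT, event TEXT)")
    conn.executemany("INSERT INTO wp_audit_log VALUES (?, ?, ?, ?, ?)", [
        (1, 1500000000, "admin", "192.0.2.10", "User logged in"),   # constructed
        (2, 1500000060, "admin", "192.0.2.10", "Plugin activated"),  # constructed
    ])
    sent = []
    checkpoint = ship(conn, 0, sent.append)           # first run ships both rows
    checkpoint = ship(conn, checkpoint, sent.append)  # second run ships nothing new
    return [json.loads(m) for m in sent], checkpoint

if __name__ == "__main__":
    print(demo())
```

For real use, pass `udp_sender(...)` with the address of your GELF UDP input as `send`, and store the returned checkpoint between runs so a restart neither re-sends nor skips audit rows.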

(ege) #11

Hi again Jochen,

Do you know somewhere I can find better instructions?

Thanks again…

(Jochen) #12

You could pay somebody to develop a custom solution for you.

Other than that, you’ll either have to build a solution yourself or use the components already mentioned in this discussion.

(Andrea) #13

Didn’t test it, but the description seems fine:

Hope this helps,
