Hello,
I’m fairly new to Graylog.
I have set up Active Directory logs in Graylog.
Now I want to create a widget on a dashboard wich shows a querry of EventID:4740 including their usernames. Is this possible?
Hello and welcome,
Yes this is possible as shown below.
Steps taken:
- Graylog Version 4.0.7
- Elasticsearch 7.10
- MongoDb 4.2
- Installation from YUM package handler on CentOS7
- INPUT GELF/TCP/TLS
- Ensure AD DC has this event ID enabled (i.e. is it visible in Event Viewer)
And the rest you can see in the screen shot.
Hope that helps
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.