So my boss wants me to deploy this for our small network with mostly Windows machines. After going through a lot of documentation, I feel I am more confused than I was. What I want to find out is what is really the best approach? The OVA noted that its purpose is to give us a feel for the product. By the way, I wasn't able to get the feel as I really had no idea of how to configure it to pull Windows logs.
From reading documentation, I am able to deploy Graylog with CentOS 6 or 7 with prerequisites like Java, Elasticsearch and MongoDB. But I've also read somewhere that some folks have used NXLog to pull logs from Windows Server 2012 R2. Nowhere did it say that this would also work for other Windows machines. However, I did come across utilizing Sidecar and Winlogbeat to pull Windows event logs.
So now that I'm even more confused, it would be great if someone can chime in on what the best approach is to deploy Graylog on our small network. Just to add, we will soon add Linux systems as well.
Thanks in advance,
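For readers landing on this thread with the same question, below is an added example (not part of the original post, and not an official Graylog or Elastic configuration) of the Sidecar + Winlogbeat approach mentioned above: a Winlogbeat collector configuration that Graylog Sidecar would push to each Windows host so it ships Application, System and Security event logs to a Graylog Beats input. The hostname `graylog.example.internal`, the Beats input port 5044, and the Security event ID selection are assumptions for illustration; adjust them to the actual Graylog server and to the events the organization needs to retain.

```yaml
# Winlogbeat collector configuration managed by Graylog Sidecar (added example).
# Sidecar renders the ${sidecar.*} variables on the Windows host before starting
# winlogbeat, so the same template can be assigned to many hosts.

winlogbeat.event_logs:
  - name: Application
    # Skip events older than 3 days on first start so a new deployment does not
    # flood the server with months of backlog.
    ignore_older: 72h
  - name: System
    ignore_older: 72h
  - name: Security
    ignore_older: 72h
    # Constructed selection: logon/logoff, privilege assignment and account
    # management events, which are the ones most useful for detection work.
    # Remove this line to ship the full Security log.
    event_id: 4624, 4625, 4634, 4672, 4720, 4726

# Graylog's Beats input speaks the Logstash/Beats protocol, so Winlogbeat
# uses the logstash output type. Assumed hostname and port.
output.logstash:
  hosts: ["graylog.example.internal:5044"]

# Keep Winlogbeat's registry and log files inside the Sidecar spool directory
# so uninstalling the collector leaves nothing behind.
path:
  data: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat"}\data
  logs: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat"}\logs

tags:
  - windows

# These fields let Graylog attribute each message to the Sidecar node that
# collected it, which is useful when correlating events across hosts.
fields:
  collector_node_id: ${sidecar.nodeName}
  gl2_source_collector: ${sidecar.nodeId}
```

The same pattern extends to the Linux systems mentioned in the post: Sidecar runs Filebeat there with a `filebeat.inputs` section instead of `winlogbeat.event_logs`, pointing at the same Beats input, so one Graylog server and one collector-management workflow covers both platforms.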