Hi
I am trying to create a stream that would filter my administrator logins, and I am struggling to find some good documentation about this.
Does anyone here have any idea, or has anyone already done it and got it working?
Thanks
Hi @adrianrus
The documentation for GL is a starting point.
Can you please describe the term “filter” and what an admin log looks like?
I mean that I want to receive those logs when the administrator account is used to log in on that server.
Hey @adrianrus
You may want to read this documentation.
Example:
Adding an appender and logger to the Log4j2 configuration file (log4j2.xml) as shown in the docs.
In this example I'm using NXLog with an input created to grab the log from restaccess.log; note the name used, "access". Side note: I'm using a GELF TCP/TLS input, so it auto-creates the field SourceModuleName.
<Input access>
    Module im_file
    FILE "/var/log/graylog-server/restaccess.log"
    SavePos TRUE
    ReadFromLast TRUE
    PollInterval 1
    #Exec $Message = $raw_event;
</Input>
Results:
Widget:
NOTE: the restaccess.log file only shows the UUID of the user, so these must be turned into human-readable data.
Or you can use Graylog's Operations/Enterprise edition. Under 2 Gb a day I believe it's free.
EDIT:
I did some explaining here in the Graylog Discord server.
Sorry, I misunderstood you.
This is in the subject “Windows admin login” and I assumed you want the admin logs of your Windows servers.