Streams - Windows admin login

gsmith · January 10, 2023, 11:59pm

You may want to read this documentation.

Logging user activity

Example:
Adding an appender and logger to the Log4j2 configuration file (log4j2.xml) as shown in the doc’s.
This example I’m using Nxlog with a input created to grab the log from restaccess.log noticed the names used " access". Side note Im using GELF TCP/TLS input so it auto creates the field SourceModuleName.

<Input access>
    Module       im_file
    FILE         "/var/log/graylog-server/restaccess.log"
    SavePos       TRUE
    ReadFromLast  TRUE
    PollInterval  1
    #Exec  $Message = $raw_event;
 </Input>

Results:

Widget:

NOTE: the restaccess.log file only shows the UUID of the user. So these must be turned into human readable data.

Replacing UID with Username

Or you can use the Graylog’s Operations/Enterprise edition. Under 2 Gb a day I believe its free.

EDIT:

I did some explaining here in Graylog Discord server.

Discord

Topic		Replies	Views
Reports on Admin usage Graylog Central (peer support)	3	445	July 31, 2019
Log input for graylog users login attempts Graylog Central (peer support)	9	4111	February 16, 2018
Allow non-admin user to see all input logs Graylog Central (peer support)	5	1716	April 22, 2019
Rest Access Log Active Directory Users Query Graylog Central (peer support) pipeline-rules	10	1047	May 25, 2021
Streams Share: messages are not correctly displayed Graylog Central (peer support) basic-configuration	2	528	March 15, 2022

Streams - Windows admin login

Related Topics