Stuck newbie can't search and display


(Bill Villers) #1

I’m stuck.

Single server seems installed properly. Successfully access port 9000 from any domain machine.

No server.log ERRORs.

Several different Windows server collectors send NXLOG to Graylog.

Content Packs downloaded include Active Directory, DNS, HTTP Web, Security.

Set up some inputs: (Global: GELF TCP, GELF UDP); (Local: GELF UDP, Syslog UDP, Raw/Plaintext UDP, GELF TCP).
Example (metrics of the Raw/Plaintext UDP input):

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.emptyMessages

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.incomingMessages
  Meter
  Total: 0 events
  Mean: 0 events/second
  1 minute avg: 0 events/second
  5 minute avg: 0 events/second
  15 minute avg: 0 events/second

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.org.graylog2.inputs.transports.UdpTransport.worker.executor-service.completed
  Meter
  Total: 0 events
  Mean: 0 events/second
  1 minute avg: 0 events/second
  5 minute avg: 0 events/second
  15 minute avg: 0 events/second

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.org.graylog2.inputs.transports.UdpTransport.worker.executor-service.duration

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.org.graylog2.inputs.transports.UdpTransport.worker.executor-service.running

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.org.graylog2.inputs.transports.UdpTransport.worker.executor-service.submitted
  Meter
  Total: 8 events
  Mean: 0 events/second
  1 minute avg: 0 events/second
  5 minute avg: 0 events/second
  15 minute avg: 0.15 events/second

org.graylog2.inputs.raw.udp.RawUDPInput.5b11aa2fd374f5042eaf57de.rawSize

Need to set up a search and then display it on a dashboard, but I am missing something because I don't know where to begin from this point. I cannot locate a concrete example from which I can extrapolate.


(Jan Doberstein) #2

What is the question you have for your logfiles?

You should think of something specific and then look into how to get this done. When you have DNS server logfiles, create a dashboard that shows you the DNS questions, who asked them, where they are forwarded, and so on.

When you have webserver logfiles, extract who has accessed what on your website: what is the most visited page, what is the average traffic one IP has.

Such questions will help you to get into the field.


(Bill Villers) #3

K. Thx.

EXAMPLE 1:
Dashboard:
Domain Login Attempt Fails (Windows Active Directory):
Username
Computer Name/IP
Number of Attempts
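The dashboard sketched in the post above, worked through as an added example that is not part of this thread or of Graylog's own code: a small Python script that takes a few constructed GELF-style messages (the shape NXLog's om_gelf output sends; the field names EventID, TargetUserName, WorkstationName, IpAddress and SubStatus are an assumption about what the Windows Security event 4625 looks like after NXLog, so compare them with what your own input actually shows) and produces the three columns the widget needs, plus the search-bar query that would back the same widget in Graylog. It also flags source IPs that cross an attempt threshold, which is the check you would actually alert on.

```python
import json
from collections import Counter

# Constructed sample messages (not real captures), in the shape of GELF JSON
# that NXLog's om_gelf output sends. GELF carries custom fields with a "_"
# prefix on the wire; Graylog stores them without it. Field names are an
# assumption about NXLog's Windows Event Log module output for event 4625.
SAMPLE_GELF = [
    '{"version":"1.1","host":"DC01","short_message":"An account failed to log on.",'
    '"_EventID":4625,"_TargetUserName":"jsmith","_WorkstationName":"WS-042",'
    '"_IpAddress":"10.0.0.42","_SubStatus":"0xc000006a"}',
    '{"version":"1.1","host":"DC01","short_message":"An account failed to log on.",'
    '"_EventID":4625,"_TargetUserName":"jsmith","_WorkstationName":"WS-042",'
    '"_IpAddress":"10.0.0.42","_SubStatus":"0xc000006a"}',
    '{"version":"1.1","host":"DC01","short_message":"An account failed to log on.",'
    '"_EventID":4625,"_TargetUserName":"jsmith","_WorkstationName":"WS-042",'
    '"_IpAddress":"10.0.0.42","_SubStatus":"0xc000006a"}',
    '{"version":"1.1","host":"DC01","short_message":"An account failed to log on.",'
    '"_EventID":4625,"_TargetUserName":"backup","_WorkstationName":"-",'
    '"_IpAddress":"203.0.113.7","_SubStatus":"0xc0000064"}',
    '{"version":"1.1","host":"DC01","short_message":"An account failed to log on.",'
    '"_EventID":4625,"_TargetUserName":"administrator","_WorkstationName":"-",'
    '"_IpAddress":"203.0.113.7","_SubStatus":"0xc000006a"}',
    # A successful logon (4624) that the failed-logon tally must ignore.
    '{"version":"1.1","host":"DC01","short_message":"An account was successfully logged on.",'
    '"_EventID":4624,"_TargetUserName":"jsmith","_WorkstationName":"WS-042",'
    '"_IpAddress":"10.0.0.42"}',
]

# Windows NTSTATUS sub-status codes that event 4625 reports as the failure reason.
SUBSTATUS = {
    "0xc000006a": "wrong password",
    "0xc0000064": "user name does not exist",
    "0xc0000072": "account disabled",
    "0xc0000234": "account locked out",
}


def parse_gelf(line):
    """Decode one GELF JSON message and drop the "_" prefix that Graylog strips."""
    raw = json.loads(line)
    return {(k[1:] if k.startswith("_") else k): v for k, v in raw.items()}


def failed_logons(lines):
    """Tally event 4625 by (user, workstation, source IP): the dashboard's rows."""
    counts = Counter()
    for line in lines:
        m = parse_gelf(line)
        if str(m.get("EventID")) != "4625":
            continue
        key = (m.get("TargetUserName", "-"), m.get("WorkstationName", "-"), m.get("IpAddress", "-"))
        counts[key] += 1
    return counts


def failure_reasons(lines):
    """Tally event 4625 by decoded SubStatus, so password guessing and username enumeration stand apart."""
    counts = Counter()
    for line in lines:
        m = parse_gelf(line)
        if str(m.get("EventID")) != "4625":
            continue
        code = str(m.get("SubStatus", "")).lower()
        counts[SUBSTATUS.get(code, code or "unknown")] += 1
    return counts


def suspicious_sources(counts, threshold):
    """Collapse the per-row tally to per-source-IP totals and keep those at or above the threshold."""
    per_ip = Counter()
    for (_user, _workstation, ip), n in counts.items():
        per_ip[ip] += n
    return {ip: n for ip, n in per_ip.items() if n >= threshold}


def graylog_query(user=None):
    """The Graylog search-bar query for the same widget (Lucene-style field:value syntax)."""
    query = "EventID:4625"
    if user:
        query += f' AND TargetUserName:"{user}"'
    return query


if __name__ == "__main__":
    rows = failed_logons(SAMPLE_GELF)
    for (user, workstation, ip), n in rows.most_common():
        print(f"{user:15} {workstation:8} {ip:15} {n}")
    print("reasons:", dict(failure_reasons(SAMPLE_GELF)))
    print("over threshold:", suspicious_sources(rows, 3))
    print("search:", graylog_query("jsmith"))
```

In Graylog itself the same widget is a search for `EventID:4625` over the chosen time range with a per-field aggregation on `TargetUserName` and `IpAddress` added to the dashboard; the script only exists to make the aggregation concrete. One caveat that follows from the metrics in the first post: messages arriving on a Raw/Plaintext input are stored as unparsed text, so fields such as `EventID` would need extractors before any of this can be searched, and an input whose `incomingMessages` meter stays at 0 is not receiving anything, which is the first thing to confirm.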

