Tested with Filebeat 18.104.22.168 / Windows Server 2022 / Graylog 5.1.4
The Content Pack should be compatible with all Graylog 5.x versions.
Note that this was built using Filebeat as the log shipper. No input extractors were used, only pipeline rules.
No additional Grok patterns are needed; the rules only use the built-in ones such as WORD and GREEDYDATA.
- Input (Beats/TCP/5044)
- Stream (Filebeat)
- Pipeline rules with 4 stages (grok extractor, opcode_to_op_description, mac_prefix_extractor, mac_prefix_to_mac_vendor)
- Lookup table + data adapter + data cache
- Dashboard (24h, Windows DHCP Server)
Place the file on your Graylog server under /srv; if you use a different location, edit content_pack.json to change the path.
- Graylog 5.0 or later (5.x)
- A Windows DHCP server with audit logging enabled (the default, written to C:\Windows\System32\dhcp)
- A log shipper/collector such as Filebeat monitoring the DHCP audit log directory (C:\Windows\System32\dhcp)
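To show what the four pipeline stages do to a DHCP audit record before it lands on the dashboard, here is a stand-alone Python model of them (an added example, not the content pack's own rules or Graylog pipeline code). It runs over constructed log lines in the CSV layout the Windows DHCP server writes to DhcpSrvLog-*.log. The event-ID table is the subset documented in the log header; the two-entry OUI table, the `unknown` default and the six-hex-character prefix format are assumptions standing in for the content pack's lookup table and data adapter.

```python
"""Model of the content pack's four pipeline stages (grok extractor,
opcode_to_op_description, mac_prefix_extractor, mac_prefix_to_mac_vendor)
over constructed Windows DHCP audit log lines. Added example, not the
content pack's code."""
import csv
import re
from collections import Counter

# Stage 2 (opcode_to_op_description): subset of the event IDs the DHCP server
# documents in the header of every DhcpSrvLog-*.log file.
OP_DESCRIPTION = {
    "00": "The log was started.",
    "01": "The log was stopped.",
    "10": "A new IP address was leased to a client.",
    "11": "A lease was renewed by a client.",
    "12": "A lease was released by a client.",
    "13": "An IP address was found to be in use on the network.",
    "14": "A lease request could not be satisfied because the scope's address pool was exhausted.",
    "15": "A lease was denied.",
    "16": "A lease was deleted.",
    "24": "IP address cleanup operation has began.",
    "30": "DNS update request to the named DNS server.",
    "31": "DNS update failed.",
    "32": "DNS update successful.",
}

# Stage 4 (mac_prefix_to_mac_vendor): assumed two-entry stand-in for the
# content pack's lookup table; a real deployment loads a full OUI list.
MAC_VENDOR = {"005056": "VMware, Inc.", "000C29": "VMware, Inc."}

# Column order from the CSV header line the DHCP server writes
# ("ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name,...").
FIELDS = ["event_id", "date", "time", "description", "ip_address", "host_name",
          "mac_address", "user_name", "transaction_id", "qresult", "probation_time",
          "correlation_id", "dhcid", "vendor_class_hex", "vendor_class_ascii",
          "user_class_hex", "user_class_ascii", "relay_agent_info", "dns_reg_error"]

DATA_LINE = re.compile(r"^\d{2},")  # only audit records start with a 2-digit ID


def parse_dhcp_line(line: str):
    """Stage 1 (grok extractor): split one audit record into named fields.
    Returns None for the preamble/header lines that Filebeat also ships."""
    if not DATA_LINE.match(line):
        return None
    values = next(csv.reader([line]))
    values += [""] * (len(FIELDS) - len(values))  # older servers log fewer columns
    return dict(zip(FIELDS, (v.strip() for v in values)))


def enrich(rec: dict) -> dict:
    """Stages 2-4: description lookup, OUI extraction, vendor lookup."""
    rec["op_description"] = OP_DESCRIPTION.get(rec["event_id"], "unknown event id")
    mac = rec["mac_address"].upper()
    if re.fullmatch(r"[0-9A-F]{12}", mac):  # server-internal events carry no MAC
        rec["mac_prefix"] = mac[:6]         # assumed prefix format: first 6 hex chars
        rec["mac_vendor"] = MAC_VENDOR.get(mac[:6], "unknown")
    else:
        rec["mac_prefix"] = None
        rec["mac_vendor"] = None
    return rec


def parse_dhcp_log(text: str) -> list:
    """Run all four stages over a whole log file's text."""
    return [enrich(r) for r in map(parse_dhcp_line, text.splitlines()) if r]


def count_by_description(events: list) -> Counter:
    """The kind of per-operation count a 24h dashboard would chart."""
    return Counter(e["op_description"] for e in events)


# Constructed sample: the preamble the server writes, then five records.
SAMPLE_LOG = """\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
10\tA new IP address was leased to a client.

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid,VendorClass(Hex),VendorClass(ASCII),UserClass(Hex),UserClass(ASCII),RelayAgentInformation,DnsRegError.
24,09/12/23,00:00:36,Database Cleanup Begin,,,,,0,6,,,,,,,,,0
00,09/12/23,00:02:11,Started,,,,,0,6,,,,,,,,,0
10,09/12/23,08:15:02,Assign,192.168.1.50,ws-01.corp.example,0050569A1B2C,,1234567,0,,,,,,,,,0
11,09/12/23,08:20:17,Renew,192.168.1.51,printer-2.corp.example,000C29D4E5F6,,1234568,0,,,,,,,,,0
15,09/12/23,08:21:40,NACK,192.168.1.99,,AABBCCDDEEFF,,1234569,0,,,,,,,,,0
"""

if __name__ == "__main__":
    for e in parse_dhcp_log(SAMPLE_LOG):
        print(e["event_id"], e["op_description"], e["ip_address"], e["mac_prefix"], e["mac_vendor"])
```

The header skip in `parse_dhcp_line` matters in practice: Filebeat ships the whole file, including the "Event ID  Meaning" preamble and the CSV header, and a grok rule that does not anchor on the leading two-digit ID will either fail on those lines or produce junk messages.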