Hello Experts,

I am new to Graylog and log management. Can you please guide me on how I can effectively utilise Graylog for my log management and get the alerts? I have installed Graylog to fulfill the PCI DSS requirements. I am using syslog from a switch and nxlog from a Windows server to get the logs into my Graylog. Until now I got 60000 events. But I am struggling with the queries mentioned below:

1. I am not able to find the message id and index in the logs/events to create rules in streams.
2. How to add stream rules, and what is user id?
3. Is it possible to get only security logs using syslog from a device? How to configure that? Because I am not interface up/down events also from switch.
4. Where can I see the sources that are sending logs to my servers, and details like how many they are sending and what those events are?
5. What are content packs and GROK patterns?
6. Is it possible to get reports from the Graylog server?

Thanks for your help.
Ranjit
