Re: [graylog2] Re: Can you import Exchange 2013 Audit logs into Graylog?

2017-01-22 Thread Dustin Tennill
I forgot to post it when I got finished. Will reply to the group in the morning. Sent from my iPhone > On Jan 22, 2017, at 6:21 PM, Wil Hutchins wrote: > > How did you guys go with getting Exchange 2013 info into Graylog? > >> On Saturday, 21 May 2016 11:56:27 UTC+10,

[graylog2] Can you import Exchange 2013 Audit logs into Graylog?

2017-01-22 Thread Tom Powers
Have you tried PowerShell? As I recall... there's a Get-Auditlog cmdlet... my syntax may be off. But...if you could grab it that way, even in a scheduled task...you could use export-csv syntax to get it to output I can turn it in at my office and figure it out... what info do you want out of

[graylog2] Good list of rules?

2017-01-22 Thread Tom Powers
GL2 is an incredible tool...and I'm learning more and more each day. I've been through the docs and ask through the groups here...great info. Just a question... the more rules I build, the more I wonder what I'm missing. Are there any good places to go for rules creation? I work on Windows

[graylog2] Re: Can you import Exchange 2013 Audit logs into Graylog?

2017-01-22 Thread Wil Hutchins
How did you guys go with getting Exchange 2013 info into Graylog? On Saturday, 21 May 2016 11:56:27 UTC+10, Dustin Tennill wrote: > > That sounds pretty interesting, and I would like to help. > > I was planning on trying to get a script together that would send message > tracking logs into

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread jony
On Sunday, 22 January 2017 21:50:02 UTC, jony wrote: > > I would like to connect many servers to graylog through tcp, so I guess I > need a new input for each server, and a different port number for each one, > right? > > On Sunday, 22 January 2017 16:39:35 UTC, Jochen Schalanda wrote

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread jony
I would like to connect many servers to graylog through tcp, so I guess I need a new input for each server, and a different port number for each one, right? On Sunday, 22 January 2017 16:39:35 UTC, Jochen Schalanda wrote: > > Hi, > > On Sunday, 22 January 2017 14:06:40 UTC+1, jony wrote:

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread Jochen Schalanda
Hi, On Sunday, 22 January 2017 14:06:40 UTC+1, jony wrote: > > I think it is text based but can you confirm that to me, here's a link of > the detailed log format: https://kb.cyberoam.com/default.asp?id=1808 > This looks relatively easy to parse with extractors or the message processing

Re: [graylog2] my first syslog input is failing

2017-01-22 Thread Jason Fuller
Hi Jochen, After switching the receiver to 1514, and a reboot, the server is receiving messages now. However, when I change the user back to "graylog", and restart, after about 1 minute, it crashes with 1000's of errors. Switching back to root fixes it. I think I should reload the server and

Re: [graylog2] my first syslog input is failing

2017-01-22 Thread Jason Fuller
Hi Jochen, Understand about the security implications. Thank you for pointing out ;) On the receipt issue, yes, I'm sure there is not a network issue, on the graylog server I'm receiving the packet. It's just not showing up in Graylog: [root@server]# tcpdump -nnvvi ens32 port 514 tcpdump:

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread jony
Thanks a lot Jochen, the best (y), I think it is text based but can you confirm that to me, here's a link of the detailed log format: https://kb.cyberoam.com/default.asp?id=1808 For the port number; let's say I have 30 inputs all using tcp, if I choose for each one a different port number

[graylog2] Re: help input failing : graylog input format

2017-01-22 Thread Jochen Schalanda
Hi, On Saturday, 21 January 2017 23:00:58 UTC+1, jony wrote: > > Can someone please help me. I've tried different types of input in the > list but none of them seems to enable the connection, and my input fails. > If the format is text-based, you can use a Raw/Plaintext UDP or TCP input and

[graylog2] Re: Graylog SaltStack Formula in the marketplace

2017-01-22 Thread Jochen Schalanda
Hi Brandon, thanks for sharing! Cheers, Jochen On Sunday, 22 January 2017 09:59:13 UTC+1, BKeep wrote: > > I have been working on this for a little while and wanted to share what I > have so far. I created a SaltStack formula for deploying Graylog. I also > created supporting formulas for

Re: [graylog2] my first syslog input is failing

2017-01-22 Thread Jochen Schalanda
On Sunday, 22 January 2017 12:54:20 UTC+1, Jochen Schalanda wrote: > > On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote: >> >> Changed user to root, restarted server, and the input is starting ok now. >> >> > > From a security perspective, that's a very bad idea and I'd recommend to >

Re: [graylog2] my first syslog input is failing

2017-01-22 Thread Jochen Schalanda
Hi Jason, On Sunday, 22 January 2017 06:19:21 UTC+1, JayJay wrote: > > Changed user to root, restarted server, and the input is starting ok now. > From a security perspective, that's a very bad idea and I'd recommend to use one of the other mechanisms described in the documentation:

[graylog2] Graylog SaltStack Formula in the marketplace

2017-01-22 Thread BKeep
I have been working on this for a little while and wanted to share what I have so far. I created a SaltStack formula for deploying Graylog. I also created supporting formulas for Elasticsearch and MongoDB that support a Graylog install, which are linked from the README. If anyone is using Salt