Having additional data on logs that contain IP addresses that gives you their Geolocation helps in your investigations and understanding of your traffic patterns. Here's a guide to set up Graylog and enrich your data with this info.
O365beat is an exceptionally useful open-source log shipping tool created by counteractive. With a few simple tweaks, it can be used to fetch Office 365 audit logs from the Office 365 Management Activity API and forward them to Graylog.
Tools like Graylog are required for log management, aggregation, analysis, and monitoring in environments that make intensive use of Docker containers and Orchestration platforms.
Learn the difference between structured and unstructured logs, the basics of the JSON log format, what kind of information you can get when you parse log files, and which tools and utilities to use to perform log file parsing.
