Graylog Enterprise v3.2 is out in the world, customers are using it and loving it, and we want to share with you what we've learned from them.
Log management plays an important role in helping to debug Kubernetes clusters, improve their efficiency, and monitor them for any suspicious activity.
You can further improve your ability to extract meaningful and useful geolocation data by leveraging the functionality of pipelines and lookup tables.
There are several standardized log formats that are most commonly generated by a wide assortment of different devices and systems. It is important to understand how they operate and differ from one another.
Having additional data on logs that contain IP addresses that gives you their Geolocation helps in your investigations and understanding of your traffic patterns. Here's a guide to set up Graylog and enrich your data with this info.
Graylog has a few built-in lookup tables and common adapters to read in the data from various locations. In this article, we'll go over the steps needed to configure your lookup table.
In this blog post we'll set up the required AWS resources, configure the Graylog input, and do some basic searches to explore the capabilities of Cloudtrail logs.
O365beat is an exceptionally useful open-source log shipping tool created by counteractive. With a few simple tweaks, it can be used to fetch Office 365 audit logs from the Office 365 Management Activity API and forward them to Graylog.
Graylog sidecar can create and manage a centralized configuration for a filebeat agent, to gather logs from a local server that is not part of the Windows Event Channel and across all your infrastructure hosts.
A Syslog server is, by all basic terms, a centralized logging solution. While you might have more than one Syslog server, with Graylog you can accomplish all logging in one centralized spot.
