graylog – Mike Simmons

Graylog extractors for Sophos UTM logs

Posted on March 16, 2018March 16, 2018 by Mike

I have created nine extractors to get all the Sophos variables I needed to use.

Continue reading “Graylog extractors for Sophos UTM logs” →

Graylog format AccessList For Windows file events

Posted on March 16, 2018March 16, 2018 by Mike

I setup Graylog to collect all the windows event logs including file event logs on the file servers at work. I noticed that the winlogbeat_event_data_AccessList field was not what the event did rather a %%#### code. I decided to build a pipeline to format the winlogbeat_event_data_AccessList field into a new field I designated as AccessList.

Continue reading “Graylog format AccessList For Windows file events” →