Skip to content
This repository was archived by the owner on Jul 16, 2024. It is now read-only.

Jil/graylog-adfs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
content_pack.json
content_pack.json
 
 

Repository files navigation

graylog-adfs

ADFS Content Pack for Graylog. Based on ADFS 3.0 (Windows 2012 R2)

Contains

  • an input for ADFS event logs
  • a set of extractors for some events
  • a simple dashboard

nxlog fowarder configuration

## AD FS logs to the right collector

<Input in>
    Module      im_msvistalog
	Exec        if ($SourceName !~ /^AD FS/) drop();
</Input>

<Output out>
    Module      om_udp
    Host        your-graylog-server.youdomain.here
    Port        5001
    OutputType  GELF
</Output>

<Route 1>
    Path        in => out
</Route>

INSTALL

You must perform two search and replace before importing the JSON file in Graylog:

  • CONTOSO.COM by your full domain name
  • CONTOSO by your short domain name That is because user may log in with UPN or not and the logs do not standardize the login representation.

About

ADFS Content Pack for Graylog

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published