Debian 9 64 Bits – Graylog 2

par nadmin · 5 mars 2019

Basé sur http://docs.graylog.org/en/2.5/pages/installation/os/debian.html

Script d’installation sur :

https://gitlab.nadus.fr/root/script-bash.git

Autoriser Java a écouter les ports < 1024 :

apt-get install libcap2-bin
setcap cap_net_bind_service=+epi /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java

Configuration des clients :

nano /etc/rsyslog.conf

#Ajout en dernière ligne
*.* @10.10.1.28:10514;RSYSLOG_SyslogProtocol23Format

Pour les clients pfSense ;

Aller dans Status > System Logs > Settings

Passer sur Syslog-ng

https://marketplace.graylog.org/addons/f2e0208f-9935-4bf5-b20d-f0562237b236

NXLOG (windows)

c:\program files(x86)\nxlog^conf\nxlog.conf

Panic Soft
#NoFreeOnExit TRUE

define ROOT     C:\Program Files (x86)\nxlog
define CERTDIR  %ROOT%\cert
define CONFDIR  %ROOT%\conf
define LOGDIR   %ROOT%\data
define LOGFILE  %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data

<Extension _gelf>
   Module       xm_gelf
</Extension>

<Extension _charconv>
    Module      xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension _exec>
    Module      xm_exec
</Extension>

<Extension _fileop>
    Module      xm_fileop

    # Check the size of our log file hourly, rotate if larger than 5MB
    <Schedule>
        Every   1 hour
        Exec    if (file_exists('%LOGFILE%') and \
                   (file_size('%LOGFILE%') >= 5M)) \
                    file_cycle('%LOGFILE%', 8);
    </Schedule>

    # Rotate our log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList> 
            <Query Id="0">
                <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
                <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
                <Select Path="Security">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
			    <Select Path="Setup">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
			    <Select Path="Windows Powershell">*</Select>
			    <Select Path="Microsoft-Windows-TaskScheduler/Operational">*</Select>
	        	<Suppress Path="Security">*[System[(EventID=4689 or EventID=5158 or EventID=5440 or EventID=5444)]]</Suppress> 
			    <Suppress Path="Windows PowerShell">*[System[(EventID=501 or EventID=400 or EventID=600)]]</Suppress> 
            </Query>
        </QueryList> 
    </QueryXML>
</Input>

<Output out>
    Module      om_udp
    Host        10.168.50.166
    Port        12514
    OutputType  GELF_UDP
</Output>

<Route 1>
    Path    eventlog => out 
</Route>

Debian 9 64 Bits – Graylog 2

Vous aimerez aussi...

Laisser un commentaire Annuler la réponse

Articles récents

Commentaires récents

Archives

Catégories

Méta

Debian 9 64 Bits – Graylog 2

Vous aimerez aussi...

Check_MK et Grafana

LNMP – Linux Nginx MariaDB PHP7

SAMBA 4 – Installation TranquilIT

Laisser un commentaire Annuler la réponse

Articles récents

Commentaires récents

Archives

Catégories

Méta