How to monitor event logs from 2 domain controllers


(santyuste) #1

Hello,
I want to monitor all event logs from 2 domain controllers.
How can I monitor and graph this from Kibana?

Thanks


(Lukas Olson) #2

I'm not sure I understand your question. Are you already indexing the event logs into Elasticsearch? What exactly are you struggling with?


(santyuste) #3

Hello Lukas

I installed OSSEC-Wazuh with Kibana on a Linux server.
I want to monitor the Windows event log from 2 Active Directory servers.
I have configured the agents on Linux for these servers and installed the OSSEC agent on the Windows servers.

The agent configuration on Windows is:
<ossec_config>

192.168.12.14

</ossec_config>

Application eventlog Security eventlog System eventlog

I receive this log in Kibana:

{"rule":{"level":3,"comment":"Windows User Logoff.","sidid":18149,"firedtimes":1,"groups":["windows"],"PCI_DSS":["10.2.5"]},"dstuser":"Administrador","full_log":"2016 Jun 07 10:33:48 WinEvtLog: Security: AUDIT_SUCCESS(551): Security: Administrador: PC-XP: PC-XP: Cierre de sesi\xF3n iniciada por el usuario: Nombre usuario: Administrador Dominio: DOM.local Id. de inicio de sesi\xF3n: (0x0,0xb73d9) ","id":"551","status":"AUDIT_SUCCESS","data":"Security","systemname":"PC-XP","decoder":{"name":"windows"},"hostname":"agent01","agentip":"any","timestamp":"2016 Jun 07 10:33:51","location":"WinEvtLog"}

Please, how can I add a dashboard in the Kibana graphical interface
for the event log monitoring?
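
The alert quoted above already carries the fields a dashboard panel would be bucketed on. As an added example (not part of the thread and not OSSEC/Wazuh code), this Python script parses alerts of that shape and counts events per agent, channel, event ID and status. The agent names `dc01`/`dc02` and the sample alerts are constructed, and the `full_log` field layout is inferred from the quoted line.

```python
import json
import re
from collections import Counter

# Field order inferred from the full_log quoted in the post (an assumption):
# <time> WinEvtLog: <channel>: <status>(<event id>): <source>: <user>: <domain>: <computer>: <message>
WINEVT = re.compile(
    r"WinEvtLog: (?P<channel>[^:]+): (?P<status>\w+)\((?P<event_id>\d+)\): "
    r"(?P<source>[^:]+): (?P<user>[^:]+): (?P<domain>[^:]+): "
    r"(?P<computer>[^:]+): (?P<message>.*)"
)

def _sample(agent, full_log, location="WinEvtLog", level=3):
    """Build one constructed alert with the same keys as the alert in the post."""
    return json.dumps({"rule": {"level": level}, "full_log": full_log,
                       "hostname": agent, "location": location})

# Constructed sample data: two domain-controller agents plus one non-Windows alert.
SAMPLE_ALERTS = [
    _sample("dc01", "2016 Jun 07 10:33:48 WinEvtLog: Security: AUDIT_SUCCESS(551): "
                    "Security: Administrador: DOM: DC01: User initiated logoff"),
    _sample("dc02", "2016 Jun 07 10:34:02 WinEvtLog: Security: AUDIT_FAILURE(529): "
                    "Security: SYSTEM: NT AUTHORITY: DC02: Logon Failure: Reason: bad password"),
    _sample("dc02", "2016 Jun 07 10:34:09 WinEvtLog: Security: AUDIT_FAILURE(529): "
                    "Security: SYSTEM: NT AUTHORITY: DC02: Logon Failure: Reason: bad password"),
    _sample("dc01", "Jun  7 10:35:00 host sshd[1]: session opened", location="/var/log/messages"),
]

def parse_alert(line):
    """Return the event fields of one alert, or None if it is not a Windows event."""
    alert = json.loads(line)
    match = WINEVT.search(alert.get("full_log", ""))
    if alert.get("location") != "WinEvtLog" or match is None:
        return None
    fields = match.groupdict()
    fields["event_id"] = int(fields["event_id"])
    fields["agent"] = alert.get("hostname")
    fields["rule_level"] = alert.get("rule", {}).get("level")
    return fields

def summarize(lines):
    """Count events per (agent, channel, event id, status)."""
    counts = Counter()
    for line in lines:
        fields = parse_alert(line)
        if fields:
            counts[(fields["agent"], fields["channel"],
                    fields["event_id"], fields["status"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_ALERTS).items()):
        print(key, n)
```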


(system) #4