Hello,
I want to monitoring all eventlogs from 2 domains controlores.
how can monitoring graph this from kibana
Thans
I'm not sure I understand your question. Are you already indexing the event logs into Elasticsearch? What exactly are you struggling with?
Hello Lukas
I installed ossec-wazzuh with kibana on linux server
i want to monitoring winddows eventlog from 2 active directory servers.
I have configured agent in linux for this servers and install ossec agent in windows server
The configuration agent from windows is
<ossec_config>
192.168.12.14
</ossec_config>
I recibe this log in kibana:
{"rule":{"level":3,"comment":"Windows User Logoff.","sidid":18149,"firedtimes":1,"groups":["windows"],"PCI_DSS":["10.2.5"]},"dstuser":"Administrador","full_log":"2016 Jun 07 10:33:48 WinEvtLog: Security: AUDIT_SUCCESS(551): Security: Administrador: PC-XP: PC-XP: Cierre de sesi\xF3n iniciada por el usuario: Nombre usuario: Administrador Dominio: DOM.local Id. de inicio de sesi\xF3n: (0x0,0xb73d9) ","id":"551","status":"AUDIT_SUCCESS","data":"Security","systemname":"PC-XP","decoder":{"name":"windows"},"hostname":"agent01","agentip":"any","timestamp":"2016 Jun 07 10:33:51","location":"WinEvtLog"}
Please, how can i do for add daskboard in kibana graphic interface
for the eventolog monitoring?