Hi Josh, Graylog currently doesn't have a dedicated audit log. You can use the normal log output of Graylog (see https://github.com/Graylog2/graylog2-server/blob/1.2.1/graylog2-bootstrap/src/main/resources/log4j.xml) for something similar.
Cheers, Jochen On Tuesday, 13 October 2015 10:21:57 UTC+2, Josh Scott wrote: > > I am trying to chase down where the logs for Graylog itself are kept. > Specifically I am trying to locate the audit logs for users that have > accounts in Graylog. We are currently using LDAP against one of our Domain > Controllers to authenticate. I want to find out when a user logged in. It > would also be nice to be able to identify if any failed login attempts were > made using local accounts. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/34235f42-09bb-449a-83f4-8ca1f3c2012c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
