Re: [graylog2] Can you import Exchange 2013 Audit logs into Graylog?

[Wil Hutchins]

If it's got the info, sure!

Sent from my iPhone

> On 24 Jan 2017, at 9:37 am, Tom Powers  wrote:
> 
> I got farther on this todayyou did say you wanted XML format?
> 
> TP
> 
>> On Monday, January 23, 2017 at 5:51:58 AM UTC-6, Wil Hutchins wrote:
>> Hey Tom, 
>> 
>> Message tracking logs primarily. 
>> 
>> Sent from my iPhone 
>> 
>> > On 23 Jan 2017, at 12:14 pm, Tom Powers  wrote: 
>> > 
>> > Have you tried powershell?   As I recallthere's a Get-Auditlog 
>> > cmdletmy syntax may be off. But...if you could grab it that way,  even 
>> > in a scheduled task...you could use export-csv syntax to get it to output 
>> > 
>> > I can turn it in at my office and figure it outwhat info do you want 
>> > out of it? 
>> > 
>> > Tp 
>> > 
>> > -- 
>> > You received this message because you are subscribed to the Google Groups 
>> > "Graylog Users" group. 
>> > To unsubscribe from this group and stop receiving emails from it, send an 
>> > email to graylog2+u...@googlegroups.com. 
>> > To view this discussion on the web visit 
>> > https://groups.google.com/d/msgid/graylog2/807410fd-3d84-4db2-9910-74978cfeeae1%40googlegroups.com.
>> >  
>> > For more options, visit https://groups.google.com/d/optout. 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/c146b248-357d-41d4-b960-c0695a9d861a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/FA1D610B-118A-41FF-91BA-2C382D69F051%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Can you import Exchange 2013 Audit logs into Graylog?

[Tom Powers]

I got farther on this todayyou did say you wanted XML format?

TP

On Monday, January 23, 2017 at 5:51:58 AM UTC-6, Wil Hutchins wrote:
>
> Hey Tom, 
>
> Message tracking logs primarily. 
>
> Sent from my iPhone 
>
> > On 23 Jan 2017, at 12:14 pm, Tom Powers  > wrote: 
> > 
> > Have you tried powershell?   As I recallthere's a Get-Auditlog 
> cmdletmy syntax may be off. But...if you could grab it that way,  even 
> in a scheduled task...you could use export-csv syntax to get it to output 
> > 
> > I can turn it in at my office and figure it outwhat info do you want 
> out of it? 
> > 
> > Tp 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Graylog Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to graylog2+u...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/807410fd-3d84-4db2-9910-74978cfeeae1%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/c146b248-357d-41d4-b960-c0695a9d861a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Can you import Exchange 2013 Audit logs into Graylog?

[Wil Hutchins]

Hey Tom, 

Message tracking logs primarily.

Sent from my iPhone

> On 23 Jan 2017, at 12:14 pm, Tom Powers  wrote:
> 
> Have you tried powershell?   As I recallthere's a Get-Auditlog 
> cmdletmy syntax may be off. But...if you could grab it that way,  even in 
> a scheduled task...you could use export-csv syntax to get it to output
> 
> I can turn it in at my office and figure it outwhat info do you want out 
> of it? 
> 
> Tp
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/807410fd-3d84-4db2-9910-74978cfeeae1%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8468FAB7-039C-45B4-ADCF-9179C2DA3F39%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Can you import Exchange 2013 Audit logs into Graylog?

[Tom Powers]

Have you tried powershell?   As I recallthere's a Get-Auditlog cmdletmy 
syntax may be off. But...if you could grab it that way,  even in a scheduled 
task...you could use export-csv syntax to get it to output

I can turn it in at my office and figure it outwhat info do you want out of 
it? 

Tp

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/807410fd-3d84-4db2-9910-74978cfeeae1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Can you import Exchange 2013 Audit logs into Graylog?

[Rob]

Hi,

I have my Windows Event logs going to my Graylog servers like a charm - its 
great.

With Exchange 2013 if you turn on Auditing the logs are stored with the 
users mailbox and not in the Event log.

You can purchase 3rd party apps like Netwrix to send them to the Event log.

Is there a plugin or way to get the logs into Graylog say via nxlog without 
using a paid 3rd party app?

There is a way to export the logs to an xml file - so maybe a scheduled 
task could be created to create the xml files and the nxlog could send to 
Graylog?

Any suggestions, tips or pointing me to some doco or plugins would be much 
appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/798155e4-b9d3-4ced-bda3-5e1b9ddb6465%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.