Collect/retrieve Office365, Azure and DLP audit logs, optionally filter them, then send them to one or more outputs.

Onboarding is easy and takes only a few minutes (see 'Onboarding' section). There are Windows and Linux executables. Configuration is easy with a YAML config file (see the 'ConfigExamples' folder for reference).

If you have any issues or questions, or requests for additional interfaces, feel free to create an issue in this repo. Also open to any other useful pull requests!

See the following link for more info on the management APIs.

The following Audit logs can be extracted:

Supported outputs include:

- Graylog (or any other source that accepts a simple socket connection).
- Power BI (indirectly through SQL, CSV, Azure Tables or Azure Blob).

Feel free to contribute other outputs if you happen to build any.

Typical use cases:

- Scheduling regular execution to retrieve the full audit trail.
- Output to Graylog/fluentd for full audit trails in SIEM.
- Output to PRTG for alerts on audit logs.
- Output to (Azure) SQL / CSV for Power BI.

Recent changes:

- Added native timestamp field to logs for graylog output.
- Added Azure Blob and Azure Table outputs.
- Added fluentd support (thanks

The 'resume' parameter has been deprecated. Sometimes logs are published to the API with a delay, and this causes issues with the 'resume' parameter. In hindsight this parameter was a mistake. If you were using it to prevent duplicate logs, set 'skipKnownLogs' to true instead. It generates a warning when used, but in the future it will be removed.

I was asked to write an article for the Graylog community, giving a more detailed look at how to use
If this might be useful to you, you can find it

For sponsoring an all product license for their IDEs for this open source