Today we are releasing Graylog v3.0.1 with a few bug fixes. Many thanks to our community for reporting issues and contributing fixes!
Windows logs can be very informative, providing a perfect picture of the activity happening on an endpoint. Unfortunately, they can also be hard to decipher when you first start examining them. Graylog uses Pipelines and Data Adapters to enrich logs, making them more useful and easier for you to read.
In order to analyze logs efficiently, they must be structured effectively. Often, logs from different sources label data fields differently and/or provide data that’s completely unstructured. Both kinds of data need to be structured appropriately before you can key in on particular elements within the log data, such as monitoring on source address, applying rules associated with user names, and creating alerts for destination addresses.
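As an added example (not part of the original post), here is a Graylog pipeline rule that applies both ideas to a Windows logon event (Event ID 4624) shipped by Winlogbeat: it copies source-specific fields into common names that other rules and alerts can key on, and enriches the numeric Event ID through a lookup table backed by a Data Adapter. The input field names (`winlogbeat_event_id`, `winlogbeat_event_data_IpAddress`, `winlogbeat_event_data_TargetUserName`) and the lookup table name `windows-event-ids` are assumptions; check them against the fields your Beats input actually produces.

```graylog
rule "normalize and enrich windows logon events"
when
  // Only act on successful Windows logon events; field names are assumed (see lead-in)
  has_field("winlogbeat_event_id") &&
  to_long($message.winlogbeat_event_id) == 4624
then
  // Normalize: common field names so one alert or dashboard covers every log source
  set_field("source_address", to_string($message.winlogbeat_event_data_IpAddress));
  set_field("user_name", to_string($message.winlogbeat_event_data_TargetUserName));

  // Enrich: translate the numeric Event ID into a human-readable description
  // via a lookup table (assumed name "windows-event-ids", backed by a CSV Data Adapter)
  let description = lookup_value("windows-event-ids", to_string($message.winlogbeat_event_id), "unknown event id");
  set_field("event_description", description);
end
```

Attach the rule to a pipeline connected to the stream that receives your Windows messages; the resulting `source_address` and `user_name` fields are what later rules and alert conditions should reference instead of the source-specific originals.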