Centralised Log Management

Service Requirements and Dependencies

Service Overview

[Image: anms_syslog.png]

Syslog Inputs (UDP/TCP)

[Image: syslog_inputs.png]

NetFlow Collector

[Images: syslog_netflow1.png, syslog_netflow2.png]

Streams

[Images: syslog_streams_windows.png, syslog_streams_palo_alto.png]

Winlogbeat for Windows OS Systems

# Needed for Graylog: these fields let Graylog attribute each event to the sidecar that sent it
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
# Ship to the Graylog Beats input; the port must match the firewall rule for Windows servers (TCP 5044)
output.logstash:
   hosts: ["syslog_server:5044"]
# data and logs are sub-keys of path (path.data / path.logs), so they must be indented under it
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
 - windows
# Event log channels to collect; Security and PowerShell/Operational carry the logon and script activity the Windows streams rely on
winlogbeat:
  event_logs:
   - name: Application
   - name: System
   - name: Security
   - name: Microsoft-Windows-Windows Defender/Operational
   - name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
   - name: Microsoft-Windows-PowerShell/Operational
[Images: syslog_ad_audit1.png, syslog_ad_audit2.png, syslog_ad_audit3.png]

Filebeat for Linux/Unix/BSD Systems

# Needed for Graylog: these fields let Graylog attribute each event to the sidecar that sent it
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
fields.source: ${sidecar.nodeName}
filebeat.inputs:
# "type: log" is the current input key; the older "input_type" key is not needed alongside it
- type: log
  paths:
    # Note: files without a .log suffix (for example /var/log/syslog or /var/log/secure) are not matched by this glob
    - /var/log/*.log
# Ship to the Graylog Beats input; the port must match the Beats input in Graylog and the Linux firewall rule (the rules table lists TCP 5045)
output.logstash:
   hosts: ["syslog_server:5048"]
path:
  data: /var/lib/graylog-sidecar/collectors/filebeat/data
  logs: /var/lib/graylog-sidecar/collectors/filebeat/log

Firewall Rules

Source              Destination         Protocol  Port       Direction
Your Network Infra  ANMS Syslog Server  UDP       1514-1520  Outbound
Windows Servers     ANMS Syslog Server  TCP       5044,9000  Outbound
Linux Servers       ANMS Syslog Server  TCP       5045,9000  Outbound
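The two sidecar collector configurations above and this firewall rules table have to agree with each other: a Beats output port that the firewall does not permit, or a missing Graylog attribution field, silently produces an empty stream rather than an error on the collector. The following added example (not part of the original ANMS documentation, and not a Graylog or Elastic tool) lints a sidecar config against the rules table. It represents the Winlogbeat and Filebeat configs as the nested dictionaries a YAML loader would produce so that it runs with the Python standard library only, parses the plain-text rules table, and reports missing Graylog fields, output ports that the firewall rule for that server group does not allow, and (for Winlogbeat) event log channels that detections depend on but that are not collected. The list of "expected" Windows channels is this example's own assumption; the page lists the channels without ranking them.

```python
"""Lint Graylog sidecar collector configs against the firewall rules table.

Added example, not part of the original ANMS documentation. The configs are
written as the nested dicts a YAML loader would produce (standard library only),
the rules table is parsed from its plain-text form, and the checks flag what an
administrator would want to know before rolling a sidecar config out.
"""
import re
from typing import Any, Dict, List, Set

# Keys Graylog needs on every Beats event to attribute it to a sidecar.
REQUIRED_GRAYLOG_FIELDS = ("fields_under_root", "fields.collector_node_id",
                           "fields.gl2_source_collector")
# Windows channels that logon and script-activity detections depend on
# (this example's assumption; the page lists them without ranking them).
EXPECTED_WINDOWS_CHANNELS = ("Security", "Microsoft-Windows-PowerShell/Operational")

# Firewall rules table, constructed here as text exactly as the page gives it.
FIREWALL_RULES_TEXT = """\
Source Destination Protocol Port Direction
Your Network Infra ANMS Syslog Server UDP 1514-1520 Outbound
Windows Servers ANMS Syslog Server TCP 5044,9000 Outbound
Linux Servers ANMS Syslog Server TCP 5045,9000 Outbound
"""
RULE_RE = re.compile(r"^(?P<source>.+?) ANMS Syslog Server (?P<proto>UDP|TCP) "
                     r"(?P<ports>[\d,\-]+) (?P<direction>Inbound|Outbound)$")

# The page's sidecar configs in parsed form; Beats accepts dotted keys such as
# "fields.collector_node_id", and flatten() makes both spellings comparable.
WINLOGBEAT_CFG: Dict[str, Any] = {
    "fields_under_root": True,
    "fields.collector_node_id": "${sidecar.nodeName}",
    "fields.gl2_source_collector": "${sidecar.nodeId}",
    "output.logstash": {"hosts": ["syslog_server:5044"]},
    "winlogbeat": {"event_logs": [{"name": "Application"}, {"name": "System"},
                                  {"name": "Security"},
                                  {"name": "Microsoft-Windows-PowerShell/Operational"}]},
}
FILEBEAT_CFG: Dict[str, Any] = {
    "fields_under_root": True,
    "fields.collector_node_id": "${sidecar.nodeName}",
    "fields.gl2_source_collector": "${sidecar.nodeId}",
    "filebeat.inputs": [{"type": "log", "paths": ["/var/log/*.log"]}],
    "output.logstash": {"hosts": ["syslog_server:5048"]},
}


def expand_ports(spec: str) -> Set[int]:
    """'1514-1520' -> {1514, ..., 1520}; '5044,9000' -> {5044, 9000}."""
    ports: Set[int] = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports


def parse_firewall_rules(text: str) -> List[Dict[str, Any]]:
    """Turn the plain-text rules table into dicts; header and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"source": m["source"], "proto": m["proto"],
                          "ports": expand_ports(m["ports"]), "direction": m["direction"]})
    return rules


def flatten(cfg: Dict[str, Any], prefix: str = "") -> Dict[str, Any]:
    """Normalise nested and dotted Beats keys to one dotted form (lists stay as values)."""
    out: Dict[str, Any] = {}
    for key, value in cfg.items():
        if isinstance(value, dict):
            out.update(flatten(value, prefix + key + "."))
        else:
            out[prefix + key] = value
    return out


def lint_sidecar_config(cfg: Dict[str, Any], source_label: str,
                        rules: List[Dict[str, Any]]) -> List[str]:
    """Return human-readable findings; an empty list means the config passed."""
    flat = flatten(cfg)
    findings = [f"missing Graylog field {k}" for k in REQUIRED_GRAYLOG_FIELDS if k not in flat]
    if flat.get("fields_under_root") is not True:
        findings.append("fields_under_root must be true so gl2_source_collector lands top-level")
    # Beats output is TCP: gather every TCP port the firewall allows for this server group.
    allowed: Set[int] = set()
    for rule in rules:
        if rule["source"] == source_label and rule["proto"] == "TCP":
            allowed |= rule["ports"]
    for host in flat.get("output.logstash.hosts", []):
        port = int(host.rsplit(":", 1)[1])
        if port not in allowed:
            findings.append(f"output port {port} is not permitted by the firewall rule for "
                            f"{source_label} (allowed: {sorted(allowed)})")
    # Winlogbeat only: make sure the channels detections rely on are actually collected.
    channels = {entry["name"] for entry in flat.get("winlogbeat.event_logs", [])}
    for channel in EXPECTED_WINDOWS_CHANNELS:
        if channels and channel not in channels:
            findings.append(f"Windows channel {channel} is not collected")
    return findings


if __name__ == "__main__":
    table = parse_firewall_rules(FIREWALL_RULES_TEXT)
    for label, cfg in (("Windows Servers", WINLOGBEAT_CFG), ("Linux Servers", FILEBEAT_CFG)):
        print(label, lint_sidecar_config(cfg, label, table) or ["OK"])
```

Run stand-alone, the Windows config passes while the Linux config is flagged: the Filebeat output on the page points at port 5048, but the rules table only opens TCP 5045 and 9000 for Linux servers, so one of the two must be changed before events will arrive. To lint a real sidecar file, load it with a YAML parser and pass the resulting dict to `lint_sidecar_config` with the server group label used in the rules table.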

Integration in the Customer Portal

[Images: syslog_summary1.png, syslog_summary2.png, syslog_cisco.png, syslog_windows.png, syslog_windows_critical.png]