
Active Directory logs parser


Hi All,

I was going through the available metron parsers but couldn't figure out one available for parsing Active Directory logs!

I am wondering what approach I should take here? What could be a standard messaging format for AD logs?

Any help/suggestions/guidelines in this regard would be highly appreciated.

Thanks in advance.

~DM


Re: Active Directory logs parser


@D M Provide an example log format. You can use the Grok parser with a custom grok statement.
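As an added illustration of the reply's suggestion (not code from the thread or from Metron itself), the block below shows what a custom grok statement for an AD security event looks like and how its `%{PATTERN:field}` references expand into a named-group regex that yields typed fields. The key=value log shape, the pattern subset and the sample line are all constructed assumptions; the real format must come from whatever forwards the events (the reply's point about first providing an example log).

```python
import re

# Constructed subset of grok base patterns (not Metron's shipped pattern library).
BASE_PATTERNS = {
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?",
    "HOSTNAME": r"[A-Za-z0-9._-]+",
    "INT": r"[+-]?\d+",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
}

# Custom grok statement for a Windows logon event (4624) forwarded as key=value text.
# Assumed log shape: adjust the literals once a real sample line is available.
AD_EVENT = (
    r"%{TIMESTAMP_ISO8601:timestamp} %{HOSTNAME:hostname} "
    r"EventID=%{INT:event_id} TargetUserName=%{NOTSPACE:target_user} "
    r"TargetDomainName=%{NOTSPACE:target_domain} LogonType=%{INT:logon_type} "
    r"IpAddress=%{NOTSPACE:ip_address} %{GREEDYDATA:message}"
)

_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(statement, patterns=BASE_PATTERNS):
    """Expand %{PATTERN:field} references into an anchored named-group regex."""
    def repl(m):
        name, field = m.group(1), m.group(2)
        body = patterns[name]  # unknown pattern name: KeyError surfaces the config bug
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile("^" + _REF.sub(repl, statement) + "$")


def parse_ad_event(line, statement=AD_EVENT):
    """Return the parsed fields as a dict, or None when the line does not match."""
    m = grok_to_regex(statement).match(line)
    if not m:
        return None  # a parser should reject, not guess, on an unexpected line shape
    fields = m.groupdict()
    for key in ("event_id", "logon_type"):
        fields[key] = int(fields[key])  # typed fields make later enrichment/rules simpler
    return fields


# Constructed sample line in the assumed key=value shape.
SAMPLE_LINE = (
    "2024-03-05T09:14:22Z dc01.corp.example EventID=4624 TargetUserName=jdoe "
    "TargetDomainName=CORP LogonType=10 IpAddress=10.0.0.25 "
    "An account was successfully logged on"
)
```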