{"id":28213577,"url":"https://github.com/codejake/2025-acpenw","last_synced_at":"2026-01-24T11:38:59.385Z","repository":{"id":291006156,"uuid":"972759851","full_name":"codejake/2025-acpenw","owner":"codejake","description":null,"archived":false,"fork":false,"pushed_at":"2025-05-06T17:17:27.000Z","size":1769,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-11T17:56:53.779Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codejake.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-25T16:03:22.000Z","updated_at":"2025-05-06T17:17:31.000Z","dependencies_parsed_at":"2025-06-11T17:54:34.344Z","dependency_job_id":null,"html_url":"https://github.com/codejake/2025-acpenw","commit_stats":null,"previous_names":["codejake/2025-acpenw"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/codejake/2025-acpenw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codejake%2F2025-acpenw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codejake%2F2025-acpenw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codejake%2F2025-acpenw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codejake%2F2025-acpenw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codejake","download_url":"https://codeload.github.com/codejake/
2025-acpenw/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codejake%2F2025-acpenw/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28727080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T10:24:43.181Z","status":"ssl_error","status_checked_at":"2026-01-24T10:24:36.112Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-17T20:10:55.038Z","updated_at":"2026-01-24T11:38:59.381Z","avatar_url":"https://github.com/codejake.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"![Alt](assets/dash.jpg)\n\n# Install Graylog Open in 5* minutes for free!\n\n1. Find hardware or set up a VM with at least 16 GB memory. 4 or more processor \ncores would be nice, too. Our first pilot, which ran for about a year,  was a Dell Optiplex SFF PC with an i5-6500 and 16 GB of memory.\n\n2. [Install Linux](https://ubuntu.com/tutorials/install-ubuntu-server) on it.\n\n3. [Install and configure Graylog Open](https://go2docs.graylog.org/current/downloading_and_installing_graylog/ubuntu_installation.htm) on your new Linux server.\n\n4. [Install NXLog Community Edition](https://docs.nxlog.co/userguide/deploy/windows.html) on a single Domain Controller, first.\n\n5. 
On your Graylog server, [add a new Graylog Input](https://go2docs.graylog.org/current/getting_in_log_data/setup_an_input.htm?tocpath=Get%20in%20Logs%7CInputs%7C_____1) for port `12201` (you can change this) for your Domain Controller logs.\n\n6. Copy [my nxlog.conf](nxlog.conf) into `C:\\Program Files\\nxlog\\conf` on the Windows Servers you want to monitor (start with a single server, first!). Open PowerShell and run `& \"C:\\Program Files\\nxlog\\nxlog.exe\" -f` to make sure there are no errors. If it's good, restart the nxlog process.\n\n7. Check Graylog to ensure your logs start appearing. They should start showing up immediately.\n\n8. Once you're sure everything is working right, add additional Domain Controllers with the same config file.\n\n\\* This is almost certainly a lie.\n\n\n## Useful Links\n\n- [NSA's Spotting The Adversary With Windows Event Log Monitoring](assets/nsa-windows-event.pdf)\n- [NSA Event Forwarding Guidance](https://github.com/nsacyber/Event-Forwarding-Guidance) 🏆\n- [https://github.com/reighnman/Graylog_Content_Pack_Active_Directory_Auditing](https://github.com/reighnman/Graylog_Content_Pack_Active_Directory_Auditing): I wouldn't recommend using it directly, but use it for inspiration.\n- [https://graylog.org/post/critical-windows-event-ids-to-monitor/](https://graylog.org/post/critical-windows-event-ids-to-monitor/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodejake%2F2025-acpenw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodejake%2F2025-acpenw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodejake%2F2025-acpenw/lists"}