Closed ggriffinorg closed 2 years ago
Heya,
Sure, no problem. In terms of command line options and config file everything is identical to the Windows version, so it's just a matter of OS syntax. Could I ask which distro of Linux you are running? If you haven't chosen yet, then Ubuntu (server) might be a good choice, since that's what the tool was developed and tested on.
To run it you can copy the config file you had on Windows to your Linux box. Then you can download the Linux executable. Then you can run it with the config to test it. If it's working, you can schedule it. Here is what that could look like from a Linux terminal (although there are many ways to do it):
```
cd ~
mkdir audit-log-collector
cd audit-log-collector
```
- Step 2: prepare the config file (in Nano text editor for example):
```
nano config.yaml
# paste/write your config file
# CTRL + s
# CTRL + x
```
- Step 3: get the executable (this points to the latest release for now):
```
wget https://github.com/ddbnl/office365-audit-log-collector/releases/download/v2.0/LINUX-OfficeAuditLogCollector-V2.0
chmod +x LINUX-OfficeAuditLogCollector-V2.0
```
- Step 4: run it once to test (command will be the same as with Windows):
```
./LINUX-OfficeAuditLogCollector-V2.0 tenant_id client_id secret_key --config config.yaml
```
- Step 5: schedule it to run every hour for example:
```
crontab -e
# choose an editor if it asks you to, nano is the easiest to use
# at the end of the file write the line below
0 * * * * ~/audit-log-collector/LINUX-OfficeAuditLogCollector-V2.0 tenant_id client_id secret_key --config config.yaml
# CTRL + s
# CTRL + x
```
Now the collector will run at minute 0 of every hour.
Here is a screenshot of the folder containing the files:
![image](https://user-images.githubusercontent.com/40169436/170844358-e69657ed-1d5d-4992-8073-470cc6556558.png)
Here is a screenshot of the CRON schedule (crontab -e):
![image](https://user-images.githubusercontent.com/40169436/170844282-a4fd04f3-1985-44ff-b8c7-5a9927b5e593.png)
Let me know if this helped you, or if there's anything more I can do to help :)
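Added example, not part of the reply above or of the project: a wrapper script for the cron step that keeps `secret_key` out of the crontab and shell history by reading it from an owner-only file, and skips a run if the previous one is still active. The names `run-collector.sh`, `credentials.env` and `collector.lock` are assumptions; the secret is still passed as an argument while the collector runs, since that is the only interface shown above.

```shell
#!/bin/sh
# Added example (not project code): cron wrapper for the collector.
# Assumed names: run-collector.sh (this file), credentials.env, collector.lock.
# Crontab line then becomes: 0 * * * * "$HOME/audit-log-collector/run-collector.sh" run

COLLECTOR_DIR="${COLLECTOR_DIR:-$HOME/audit-log-collector}"
COLLECTOR_BIN="${COLLECTOR_BIN:-$COLLECTOR_DIR/LINUX-OfficeAuditLogCollector-V2.0}"
CRED_FILE="${CRED_FILE:-$COLLECTOR_DIR/credentials.env}"

# Succeeds only for a regular, non-symlink file with no group/other permission bits.
check_cred_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Parse KEY=VALUE lines without sourcing the file, so its content is never executed.
load_creds() {
    TENANT_ID= CLIENT_ID= SECRET_KEY=
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            TENANT_ID=*)  TENANT_ID=${line#TENANT_ID=} ;;
            CLIENT_ID=*)  CLIENT_ID=${line#CLIENT_ID=} ;;
            SECRET_KEY=*) SECRET_KEY=${line#SECRET_KEY=} ;;
        esac
    done < "$1"
    [ -n "$TENANT_ID" ] && [ -n "$CLIENT_ID" ] && [ -n "$SECRET_KEY" ]
}

run_collector() {
    check_cred_file "$CRED_FILE" || { echo "refusing: $CRED_FILE must be mode 600" >&2; return 1; }
    load_creds "$CRED_FILE" || { echo "missing value in $CRED_FILE" >&2; return 1; }
    # cron starts jobs in $HOME, so change directory before using the relative config path.
    cd "$COLLECTOR_DIR" || return 1
    # flock -n: exit instead of overlapping with a run that is still in progress.
    flock -n "$COLLECTOR_DIR/collector.lock" \
        "$COLLECTOR_BIN" "$TENANT_ID" "$CLIENT_ID" "$SECRET_KEY" --config config.yaml
}

# Only act when called with "run", so the functions can be loaded and checked separately.
if [ "${1:-}" = "run" ]; then run_collector; fi
```

The credentials file holds three lines (`TENANT_ID=...`, `CLIENT_ID=...`, `SECRET_KEY=...`) and needs `chmod 600 credentials.env` before the first run.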
Hi ddbnl, TY for the fast answer and tutorial. Just cool. I installed the Graylog Server on Ubuntu 20.04 LTS as it's easier for day to day usage when deployed in Production. I am going to test everything and give you feedback. Once again TY for this awesome project as it's going to save me time to check customers' M365 Tenants Logs when they screw something up. Have a great and BR. GG
Hi ddbnl, All working. Just awesome. ;) Once again TY and have a great Sunday. BR GG
Awesome, thanks for the response.
Hi, I would like to thank you for the awesome work on this project. I got the Windows version working without any issues and get the messages in Graylog. I would like to run the Linux version, but usage is not documented. Any chance you could help me out? TY in advance for your feedback. BR GG