Capturing Cribl Login attempts
I am trying to capture login attempts (successful/unsuccessful) to Cribl. I can see that the cribl.log file contains logs for these (with a type of “auth”).
I have enabled CriblLogs as a source.
The log level for channel “auth” is set to Info.
When I do a capture on the CriblLogs source I don’t see these “auth” events, I do however see (some) other events - any suggestions as to what I might be doing wrong?