Question

Office 365 Activity Logs

  • March 11, 2025
  • 1 reply
  • 10 views

Any good debugging steps for the O365 activity log source? We set it up correctly and could validate the tokens, but even with a poll interval of 1 min I am not getting any data nor any logs. Would appreciate any debugging steps to help me understand the mess I created.

1 reply

  • New Participant
  • March 11, 2025

You have to create an app in O365. The app has to have appropriate read permissions to the activity logs, then you have to have a source that is enabled.

After you set up the app in O365, you have to send a curl command to start your O365 Content Subscription. (This is a 2-step process.) Once you get a working app with appropriate permissions and a content subscription activated, you should be able to make API calls.

The steps to complete the setup can be found here: Office 365 Activity | Cribl Docs
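
An added example, not part of the reply above or of Cribl's documentation: a Python check that requests an app token, reads its `roles` claim and lists the tenant's content subscriptions, to show which setup step is missing when no data arrives. The endpoints, the `ActivityFeed.Read` role and the `Audit.General` content type are those of Microsoft's Office 365 Management Activity API; the environment variable names and function names are assumptions.

```python
import base64, json, os, urllib.error, urllib.parse, urllib.request

RESOURCE = "https://manage.office.com"

def token_roles(jwt):
    """Return the app roles in an access token (payload decoded, signature not verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])

def diagnose(roles, subscriptions, content_type):
    """Map the token's roles and the subscriptions/list response to a likely cause."""
    if "ActivityFeed.Read" not in roles:
        return "token lacks ActivityFeed.Read: grant it and give admin consent"
    status = {s.get("contentType"): s.get("status") for s in subscriptions}
    if content_type not in status:
        return f"no subscription for {content_type}: call subscriptions/start"
    if status[content_type] != "enabled":
        return f"subscription for {content_type} is {status[content_type]}: start it again"
    return "ok: token role and content subscription are in place"

def call(method, url, token=None, form=None):
    """Send one request and return the decoded JSON body; surface HTTP errors verbatim."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as e:
        raise SystemExit(f"{method} {url} -> HTTP {e.code}: {e.read().decode(errors='replace')}")

def main():
    # Assumed variable names; the secret is read from the environment and never printed.
    tenant, cid, secret = (os.environ[k] for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET"))
    ctype = os.environ.get("CONTENT_TYPE", "Audit.General")
    token = call("POST", f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token", form={
        "grant_type": "client_credentials", "client_id": cid,
        "client_secret": secret, "scope": f"{RESOURCE}/.default"})["access_token"]
    subs = call("GET", f"{RESOURCE}/api/v1.0/{tenant}/activity/feed/subscriptions/list", token)
    print(diagnose(token_roles(token), subs or [], ctype))

if __name__ == "__main__":
    main()
```

A token that validates but carries no `ActivityFeed.Read` role, or a content type that was never started, both produce an empty source without an obvious error, which is why the script checks them separately.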