[Research] StorageGRID Syslogging: The ELK Stack

A place to put some researches into StorageGRID syslogging. Specifically, I need to cover what is in the table below (as far as possible).

In my enterprise scenario: "The syslogs from StorageGRID are sent via a heavyweight forwarder to a Logstash instance where they are parsed, enriched and then sent to an Elastic instance where they are kept for 90 days.

Q: What is a heavyweight forwarder?
A: A heavyweight forwarder in Splunk is a full Splunk Enterprise instance, configured to primarily act as a forwarding agent, but with the ability to index, search, and modify data before forwarding. Unlike universal forwarders, which simply forward data, heavy forwarders can parse, index, and even route data based on specific criteria before sending it to an indexer.
Source: Google Search (AI)

Q: What is Logstash?
A: Logstash is an open source server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite "stash."
Source: Logstash: Collect, Parse, Transform Logs | Elastic

Q: What is Elastic?
A: Elastic - The Search AI Company. Smarter search. Stronger security. Seamless observability. Uncover real-time insights with Search AI.
Source: Elastic — The Search AI Company | Elastic

To be Monitored

Heading	Covers (includes)
1) Failed login	Login failures to Grid/Tenant Manager Authentication failures via REST APIs
2) Successful Account Creation	Creating Local Users
3A) Successful Account Modification	Modifying Local Users
3B) Successful Account Deletion	Deleting Local Users
4) Audit Policy Changed	Adding/removing audit destinations Change to security audit log settings
5) Time Change	Time change Time zone change NTP settings change
6) Protocol Setting change	Changes to the state or configuration of: SSH, SSL, S3
7) Operational Alerting Disabled	Changes to alerting settings. Changes to AutoSupport settings.