Bring "Send Syslog Messages" Extension to the Next Level

  • updated
  • Pending Review

Currently the extension Send Syslog Messages includes only basic information, such as connected, disconnected, etc.

For security-relevant troubleshooting this is not really helpful.

Right now information is logged in this way:

Image 927

To my understanding it should look like the following:

Image 928

{Session.Name} or {Session.Host} should be usable as freely available variables, similar to the triggering functionality, configurable via the Extension Settings.

Image 929

The settings should be extended with an option for whether this kind of event should be forwarded or not.

The extension should also have an event where it's possible to create an alert if a user has generated a link for "Get Host Pass", and events for when it has really been used.

0
Eric-03121

Recently raised this case with support (Case #02748950) and they pointed me here, to a 4-year-old idea.

0
MDOmnis

I also opened a case a few days ago and was pointed here. We have also noticed that the logs being forwarded to syslog/SIEM are very generic and lack key information. We see things like "a session was disconnected from" or "files were dragged." These leave out important elements necessary for investigation and forensics. These messages should be better out of the box or, at the very least, they should be customizable to allow the use of variables like hostmachinename, guestmachinename, user, filename(s), filepath, etc.

0
Eric-03121
Quote from MDOmnis

I also opened a case a few days ago and was pointed here. We have also noticed that the logs being forwarded to syslog/SIEM are very generic and lack key information. We see things like "a session was disconnected from" or "files were dragged." These leave out important elements necessary for investigation and forensics. These messages should be better out of the box or, at the very least, they should be customizable to allow the use of variables like hostmachinename, guestmachinename, user, filename(s), filepath, etc.

Exact same issue we are facing.


