Welcome to our community!

bring "Send Syslog Messages" Extension to the next Level

Christian Walch

4 years ago
updated 1 day ago
Pending Review

Currently the Extension: Send Syslog Messages includes only basic information: such as connected, disconnected, etc..

For security relevant troubleshooting not really helpful.

right now information was logged in this way:

for my understanding it should look the following:

{Session.Name} or {Session.Host} should be used as free available variables - similar to the triggering functionality - configurable via the Extension Settings.

the settings should be extended to have an option if this kind of event should be forwarded or not.

The extension should also have an event: Where its possible to create an alert if a User has generated a Link for "Get Host Pass" and events, when it has been really used.

Replies 3

Oldest first
Newest first Oldest first

Eric-03121

2 months ago

Recently raised this case with support ( Case #02748950) and they pointed me here, to a 4 year old idea.

Reply Link

MDOmnis

1 day ago

I also opened a case a few days ago and was pointed here. We have also noticed that the logs being forwarded to syslog/SIEM are very generic and lack key information. We see things like "a session was disconnected from" or "files were dragged. These leave out important elements necessary for investigation and forensics. These messages should be better out of the box or at the very least, they should be customizable to allow the use of variables like hostmachinename, guestmachinename, user, filename(s), filepath, etc.

Reply Link