Bring "Send Syslog Messages" Extension to the Next Level
Currently the "Send Syslog Messages" extension includes only basic information, such as connected, disconnected, etc.
For security-relevant troubleshooting this is not really helpful.
Right now information is logged in this way:
To my understanding it should look like the following:
{Session.Name} or {Session.Host} should be usable as freely available variables - similar to the triggering functionality - configurable via the Extension Settings.
The settings should be extended to have an option for whether this kind of event should be forwarded or not.
The extension should also have an event where it's possible to create an alert if a user has generated a link for "Get Host Pass", and events for when it has really been used.
I also opened a case a few days ago and was pointed here. We have also noticed that the logs being forwarded to syslog/SIEM are very generic and lack key information. We see things like "a session was disconnected from" or "files were dragged". These leave out important elements necessary for investigation and forensics. These messages should be better out of the box or, at the very least, they should be customizable to allow the use of variables like hostmachinename, guestmachinename, user, filename(s), filepath, etc.
Exact same issue we are facing.