Forum

Ultimate Windows Security Forum » Windows Security Settings » Windows Security Log Information

Windows Security Log Information Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
kzjbry
Posted 6/8/2015 1:58:47 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 6/8/2015 1:44:36 PM
Posts: 2, Visits: 0
Is there a way to add additional 'admin supplied' data (such as a unique character string) to each security record? I want to capture this unique string with my SIEM tool

Thanks!
Post #3263
derekthomas
Posted 6/8/2015 8:17:56 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 201, Visits: 0
What type of security records are you interested in?
Post #3265
kzjbry
Posted 6/9/2015 8:56:10 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 6/8/2015 1:44:36 PM
Posts: 2, Visits: 0
I am trying to audit authentication/authorization/access information that is normally captured in the security logs.

I have an admin defined string that I want to append to each record.

Any help you can provide would be appreciated.

Steve
Post #3267
derekthomas
Posted 6/24/2015 7:46:47 AM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 201, Visits: 0
I don't believe that you can modify the security logs in any way. You would have to look at something else to modify the syslog messages as they are transmitted or received by the SIEM.
Post #3270
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 9:29pm