Event log "MARK" messages
Posted 1/26/2018 11:40:21 AM
Forum Newbie

Group: Forum Members
Looking for a standard way to monitor if a system is centrally logging. Ideally this would be a specific message that could be watched for in a SIEM or logging engine. Something similar to the syslogd "MARK" message.
Does something like this exist?
Post #7452
Posted 2/13/2018 7:24:20 PM
Supreme Being

Group: Moderators
Sometimes you can track the last seen event for a log source and sort by oldest date. NXLog has the ability to format events in a certain manner which may suit your needs but this may also break SIEM event normalization. I have also seen orgs force a log on network devices by pushing out a config to generate a harmless log.
Post #7453
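The last-seen tracking described in the reply above, as an added example that is not part of the original thread: it records the newest event per log source and lists the sources that have been silent too long, oldest first. It also goes one step further and flags expected sources that never logged at all. The function names, host names, timestamps and the one-hour threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: (log source, event timestamp) pairs as a SIEM export
# might provide them. Host names and times are made up for illustration.
SAMPLE_EVENTS = [
    ("fw-edge-01", "2018-02-13T18:55:02+00:00"),
    ("dc-01",      "2018-02-13T19:20:41+00:00"),
    ("web-02",     "2018-02-12T03:14:09+00:00"),
    ("fw-edge-01", "2018-02-13T19:23:50+00:00"),
    ("dc-01",      "2018-02-13T17:01:00+00:00"),
]

# Sources expected to log; "db-03" never appears in the sample at all.
EXPECTED_SOURCES = ["fw-edge-01", "dc-01", "web-02", "db-03"]


def last_seen(events):
    """Return {source: newest event time} from (source, iso_timestamp) pairs."""
    newest = {}
    for source, stamp in events:
        ts = datetime.fromisoformat(stamp)
        if source not in newest or ts > newest[source]:
            newest[source] = ts
    return newest


def silent_sources(events, expected, now, max_silence):
    """List (source, last_seen) for sources quiet longer than max_silence,
    oldest first. Sources with no events at all sort first with None."""
    newest = last_seen(events)
    stale = []
    for source in expected:
        seen = newest.get(source)
        if seen is None or now - seen > max_silence:
            stale.append((source, seen))
    floor = datetime.min.replace(tzinfo=timezone.utc)
    return sorted(stale, key=lambda item: item[1] or floor)


if __name__ == "__main__":
    now = datetime(2018, 2, 13, 19, 24, 20, tzinfo=timezone.utc)
    for source, seen in silent_sources(SAMPLE_EVENTS, EXPECTED_SOURCES,
                                       now, timedelta(hours=1)):
        print(source, seen.isoformat() if seen else "never seen")
```

Checking against a list of expected sources matters because a host that never forwarded a single event has no last-seen record to sort on.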
All times are GMT -5:00.