Central Logging: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
** The logs are sent to the central logging server managed by the university. Where they are imported into Splunk and are only viewable to the people with access to the cs logging domain. | ** The logs are sent to the central logging server managed by the university. Where they are imported into Splunk and are only viewable to the people with access to the cs logging domain. | ||
* '''Why is it Logged?''' | * '''Why is it Logged?''' | ||
** This is to cover a Security Policy issued for High and Moderate risk machines (and may eventually be required for Low risk machines). The policy for this can be viewed [https://it.vt.edu/content/dam/it_vt_edu/policies/Standard_for_Information_Technology_Logging.pdf here.] | ** This is to cover a Security Policy issued for High and Moderate risk machines (and may eventually be required for Low risk machines). The Virginia Tech policy for this can be viewed [https://it.vt.edu/content/dam/it_vt_edu/policies/Standard_for_Information_Technology_Logging.pdf here.] | ||
= More Information = | |||
== Applications == | |||
* Windows: Winlogbeat | |||
* Mac: Filebeat | |||
* Linux: Filebeat | |||
The central logging service requires version 8 or higher of each of these programs | |||
== Links == | |||
* [https://4help.vt.edu/sp?id=kb_article&sysparm_article=KB0011433&sys_kb_id=fe85b4e81b5a8ed463110f66624bcb89&spa=1 Knowledgebase] | |||
* [https://www.pki.vt.edu/incommon_tls_chain_new.pem Certificate] | |||
* [https://drive.google.com/file/d/1wQ4wQZToyWRoi741UM6cqpJztaKHqFoY/ Default Windows Config] | |||
* [https://drive.google.com/drive/folders/1z9qKifwezpACQtGE0l7Jm4Ni0112hkye Default Mac Config] | |||
Latest revision as of 10:13, 19 August 2024
Questions about Logging
- What is Logged?
- For Windows: The Windows events logs: Application, System, Security, ForwardedEvents, Microsoft-Windows-Powershell, and WindowsPowerShell
- For Mac: Mac ASL logs (excluding debug and traces).
- Where is it Logged?
- The logs are sent to the central logging server managed by the university. Where they are imported into Splunk and are only viewable to the people with access to the cs logging domain.
- Why is it Logged?
- This is to cover a Security Policy issued for High and Moderate risk machines (and may eventually be required for Low risk machines). The Virginia Tech policy for this can be viewed here.
More Information
Applications
- Windows: Winlogbeat
- Mac: Filebeat
- Linux: Filebeat
The central logging service requires version 8 or higher of each of these programs