We are using Log Forwarder for Windows version 1.1.19 to send security events to a central syslog server. When Windows starts, it logs Event ID 4608, "Windows is starting up". This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. We don't see this event on the central log server. Is this because the "SolarWinds - Log Forwarder for Windows" service starts after this event is logged and therefore doesn't send it?
The support team confirmed this behavior and said to log a feature request, so here it is.
I've tested other log forwarders like Splunk, which send this event. This is required for PCI compliance, and I would have thought that SolarWinds would want to position their products to align with this standard. For your reference, the specific PCI requirement is "10.2.6 Initialization of the audit logs."
Regards,
Ken
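A quick way to confirm the ordering described in the post on a given host, as an added example that is not part of the original post and not SolarWinds tooling: compare the timestamp of the most recent 4608 in the Security log with the Service Control Manager 7036 "entered the running state" event for the forwarder service in the System log. The service display name is assumed to be the one quoted in the post; reading the Security log requires an elevated PowerShell session.

```powershell
# Added diagnostic example; not from the original post or from SolarWinds.
# Assumption: the forwarder's display name is exactly the string quoted in the post.
$serviceName = 'SolarWinds - Log Forwarder for Windows'

# Most recent 4608 ("Windows is starting up") in the Security log.
# It is produced when LSASS initializes auditing and is newest-first by default.
# It only appears if the "Audit Security State Change" subcategory (System) is enabled.
$startup = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4608 } -MaxEvents 1 -ErrorAction SilentlyContinue

# Service Control Manager event 7036 records each service's "entered the running state" transition.
$running = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7036 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($serviceName) -and $_.Message -match 'running state' } |
    Select-Object -First 1

if (-not $startup) {
    Write-Warning 'No 4608 found in the Security log; check that "Audit Security State Change" is enabled and that you are elevated.'
    return
}
if (-not $running) {
    Write-Warning "No 7036 'running state' event found for '$serviceName' in the System log."
    return
}

$gap = $running.TimeCreated - $startup.TimeCreated
"4608 logged at       : $($startup.TimeCreated.ToString('o'))"
"forwarder running at : $($running.TimeCreated.ToString('o'))"
"gap (seconds)        : $([math]::Round($gap.TotalSeconds, 3))"

if ($gap -gt [TimeSpan]::Zero) {
    'The forwarder entered the running state AFTER the 4608 event was written.'
    'A forwarder that only streams events written after it starts will never see this boot''s 4608.'
} else {
    'The forwarder was running before the 4608 event; a missing 4608 on the collector is not a start-order problem.'
}
```

If the gap is positive on every boot, the evidence supports the support team's explanation: the fix has to be on the forwarder side (reading back from the last forwarded record, or replaying Security events written since the previous shutdown), since no service can be started before LSASS initializes auditing.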