Comments
-
I would agree this would be an important feature. We are moving our whole network to a Linux environment and this would be helpful.
-
I would agree that this would be a nice feature.
-
I believe there might be a case open to update the connectors: #315533, just FYI. Also, the case open for this FEATURE REQUEST is #317345. I was supposed to put that somewhere but I forgot until now.
-
I do also have the auditd connector set up. Right now it basically shows everything as InternalNewToolData. Then in Extraneousinfo it will show things like USER AUTH or USER ROLE CHANGE, etc. I also have sudo set up. This works well, but in the Alert Name it usually shows up as File Execute. I haven't tried but I could maybe…