Hi!
If there would be an intruder due to a virus, a network attack or anything else. Which logs are important to forward to the Syslog Server, so we can see what they have done? For example, if they tried to install a program, to open a network port, disabled the firewall etc.
Thanks in advance!