How can I send only the "Most Recent User Activities" to a remote syslog server?

  • Updated 3 years ago
Can I send only the "Most Recent User Activities" to a remote syslog? I don't want to collect all the radius_client, radius_server, cluster... information. The syslog server is SolarWinds. I am running two ZD3000s in an Active/Standby configuration.

I need the user information as part of my security logging.

Steve


Posted 4 years ago


Max O'Driscoll, AlphaDog

You can send all messages to a syslog server and then filter for the ones you need. However, looking at my last 10,000 (default) entries, there are no "most recent user activities" entries.
I would expect them to appear under the "info" or "warning" headings, but those seem to have few entries. It seems almost everything comes under the "error" and "debug" headings.
Then you need to find the exact wording Ruckus uses for messages that relate to "most recent user activities" and text-filter on that.

I'm using Syslog Watcher Personal. In general the log entries tend to be pretty cryptic, so don't expect plain English!

In very pragmatic terms, if you log everything then you at least have the data to fulfill your security requirement, even though you are collecting more than needed. Hmm.
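
The receive-side filtering described in the reply above, as an added example that is not part of the original posts: a Python filter that drops the components named in the question and keeps lines matching user-activity wording. The RFC 3164 line layout, the `example_proc` tag, the sample lines and the keep patterns are all assumptions or constructed placeholders; replace the patterns with the wording found in your own capture.

```python
import re

# Assumption: messages arrive in BSD syslog (RFC 3164) form:
#   <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Component names taken from the question; assumed to appear as the syslog tag.
DROP_TAGS = {"radius_client", "radius_server", "cluster"}

# Placeholder patterns, not the vendor's documented wording.
KEEP_PATTERNS = [re.compile(p, re.I) for p in (r"\bUser\[", r"\b(joins?|disconnects?)\b")]

def parse(line):
    """Split one syslog line into fields; return None if it has no valid header."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    pri = int(rec.pop("pri"))
    # PRI encodes facility * 8 + severity.
    rec["facility"], rec["severity"] = pri >> 3, SEVERITIES[pri & 7]
    return rec

def keep(line):
    rec = parse(line)
    if rec is None:
        return True  # unparseable: retain, so nothing is lost silently
    if rec["tag"] in DROP_TAGS:
        return False
    return any(p.search(rec["msg"]) for p in KEEP_PATTERNS)

def filter_lines(lines):
    return [line for line in lines if keep(line)]

# Constructed sample lines (not real ZoneDirector output).
SAMPLE = [
    "<134>Mar  3 10:15:02 zd3000 example_proc: User[alice] joins WLAN[corp]",
    "<135>Mar  3 10:15:03 zd3000 radius_client[412]: sending access request",
    "<131>Mar  3 10:15:04 zd3000 cluster: heartbeat from peer",
    "<134>Mar  3 10:15:09 zd3000 example_proc: AP[ap-lobby] heartbeat ok",
    "<134>Mar  3 10:16:40 zd3000 example_proc: User[alice] disconnects from WLAN[corp]",
    "free-form line without a syslog header",
]

if __name__ == "__main__":
    print("\n".join(filter_lines(SAMPLE)))
```

Lines that do not parse are kept rather than dropped, so a format change on the sender shows up as extra noise instead of a gap in the security log.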

edepe

Hello,
I just installed Syslog Watcher Personal. What's the next step?

Bill Burns, AlphaDog

Point your ZoneDirector at your syslog server.