Alerting

Windows & Redhat: How to create an alert to grab auditable events, logs from all servers?

jonasm1
Explorer

Mixed environment about 20 servers - 70 percent Redhat and the rest its Windows OS. I'd like to know how to create an alert that grabs all audit log, other auditable events such as log failures, critical log level size etc. from ALL these servers.

Thanks for your feedback.

0 Karma

deepashri_123
Motivator

Hey jonasm1,

Can you please elaborate your question , what alerts are exactly required or what condition you want for your alerts to be triggered?

0 Karma

jonasm1
Explorer

Hello deepashri: More background: Multiple forwarders only one indexer. So I would like to know how to create an alert/s that grabs the following (from ALL servers) - #1. Log failure/processing; #2. audit logs; #3. exceeds maximum audit record storage capacity (triggers at 75% capacity); #4 audit failures; #5 Admin logons and changes.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.