I was really excited to see this Application, we use Rapid7 and there was no good way to get this data into IDR. My excitement was quickly diminished immediately after I installed this software. Why create a software that is to redirect logs, and in this case to a SIEM and not make it run as a service? I tested it, right after I set it up, I monitored the service running and as soon as I logged off my admin account the service stopped and I can only assume the logging stopped as well. Is there anyway to run this as a service? I really don’t need to see the Scrolling CLI, that feature is pretty much pointless.
Hello
Thanks for your detailed feedback on the Syslog Connector - it is very welcome.
I am the Product Manager for the Universal Syslog Connector and highly welcome the feedback.
In this case the Syslog Connector is in its first release and we will iterate it continuously in line with the feedback we receive from users.
Yes right now it runs as an executable from a Command window and if the window is closed then the Syslog forwarding also stops. We mention this quite clearly in the release notes.
We are looking at developing more Events to be included for forwarding and will also look at the Service aspect.
In addition the formats will also be addressed in future releases.
Feel free to reach out directly to me if there are any more features you would like to see added that would help with your outcomes.
Thanks,
Aqil
Aqil,
I understand the status of the tool, however the very fact that the tool does not run as a system service eludes to, what I can only think of calling a “wrong direction”. I agree the need for a more open tool for logging is very important. As a matte of fact, we are looking at other Anti Virus solutions due to this very fact. However, having a tool that requires an interactive login to run is really a non-starter and probably shouldn’t have made it out of predevelopment. The purpose of a tool like this is to redirect logs to another destination like a SIEM for analysis. I need to be able to create alerts to tell me when this tool isn’t working, it needs to be on when the server is on. Another thing, alerting when there is a security event is great, however, the logs need to be able to include a heartbeat of some sort from each client that includes computer name, tenant name, mac address and IP. This would allow for accurate cross database searching in a SIEM.
Thank You,
Peter
Hi Peter,
Your points are well stated and well received. Highly useful feedback!
We will be looking at incorporating some of these elements for the next iteration of the product.
Thanks,
Aqil
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.