Capture security and system events on windows.
parent
8940e2b9aa
commit
dbd7de857b
|
@ -147,22 +147,23 @@ module_max_critical 20
|
|||
module_end
|
||||
|
||||
# Log events
|
||||
|
||||
# Get logs from System source.
|
||||
module_begin
|
||||
module_name System Events (TermService)
|
||||
module_type async_string
|
||||
module_logevent
|
||||
module_description Log Events coming from Terminal Service
|
||||
module_type log
|
||||
module_logevent
|
||||
module_source System
|
||||
module_application TermService
|
||||
module_end
|
||||
|
||||
# Get logs from Security source.
|
||||
module_begin
|
||||
module_name Security Events (Invalid Login)
|
||||
module_type async_string
|
||||
module_description Security log events for invalid login attempt
|
||||
module_name Security Events
|
||||
module_description Security log events
|
||||
module_type log
|
||||
module_logevent
|
||||
module_source Security
|
||||
module_eventcode 529
|
||||
module_end
|
||||
|
||||
# Check if Dhcp service is enabled
|
||||
|
|
|
@ -179,6 +179,22 @@ module_description Total number of TCP connections active
|
|||
module_group Networking
|
||||
module_end
|
||||
|
||||
# Get logs from System source.
|
||||
module_begin
|
||||
module_name Eventlog_System
|
||||
module_type log
|
||||
module_logevent
|
||||
module_source System
|
||||
module_end
|
||||
|
||||
# Get logs from Security source.
|
||||
module_begin
|
||||
module_name Eventlog_Security
|
||||
module_type log
|
||||
module_logevent
|
||||
module_source Security
|
||||
module_end
|
||||
|
||||
# Example plugin to retrieve drive usage
|
||||
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs"
|
||||
|
||||
|
@ -273,22 +289,6 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
|
|||
#module_type generic_data_string
|
||||
#module_end
|
||||
|
||||
# Get logs from System source. Need enterprise version.
|
||||
#module_begin
|
||||
#module_name Eventlog_System
|
||||
#module_type log
|
||||
#module_logevent
|
||||
#module_source System
|
||||
#module_end
|
||||
|
||||
# Get logs from Security source. Need enterprise version.
|
||||
#module_begin
|
||||
#module_name Eventlog_Security
|
||||
#module_type log
|
||||
#module_logevent
|
||||
#module_source Security
|
||||
#module_end
|
||||
|
||||
# Get logs from Application source. Need enterprise version.
|
||||
#module_begin
|
||||
#module_name Eventlog_Application
|
||||
|
|
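Review bot: The `Eventlog_System` and `Eventlog_Security` modules enabled in the second hunk set only `module_source`, so nothing limits which records are forwarded. The Security log holds account names and logon details and can be very high volume, so I would narrow `Eventlog_Security` with `module_eventcode`, as the `Security Events` module in the first hunk does, and put a comment above it such as `# Forwards Security log records containing account names; restrict event codes and protect the agent-to-server transport`. The `Security Events` module reads the same source, so if it remains on the new side (the page no longer shows which lines were added or removed) matching events would be reported twice. If `module_eventcode 529` also remains, note that 529 is the logon-failure ID only on pre-Vista Windows; on Vista/Server 2008 and later the equivalent is 4625, so the module would stay silent there.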