Good day,
Our InfoSec officer complains that he gets a lot of logs and none of them are related to his needs. He requests that the paths below send logs, whether from ESXi, vCenter or from a centralized log source, in our case VRLI.
Path | Information |
--- | --- |
/var/log/hostd.log | Creation and deletion of new machines; creation and deletion of user accounts; account privilege escalation; machine status: starting, shutting down, rebooting |
/var/log/shell.log | All entered shell commands |
/var/log/auth.log | Failed and successful authentication |
Regards