Recommended configuration for rsyslog server in PE and PC


IHAC who has configured splunk as their remote syslog server. They have also configured “Audit” module for both PE and PC. To test the logging, they are able to see events such as VMs powered off and on in splunk. But they are not able to gather any information on events such as user accounts creation / deletion, as we tried to create some local accounts in PE and PC to test. Do they need to configure anything else to capture such events?

0 replies

Be the first to reply!