Discussions related to Microsoft 365 protection.
nhkm
Lurker
Posts: 1
Liked: never
Joined: Mar 24, 2025 9:31 pm
Full Name: Keith Mitchell

Feature request - Syslog levels

Post by nhkm »

Hello

Hoping to see some extra features for the syslog function. At the moment it only appears to send messages relating to restore operations.
Main concern we have is that a rogue actor can create an account, turn off the syslog, and nothing is sent to our SIEM about it.

Would be great if we could log the following type of events, with a severity rating:

- Syslog on and off messages (i.e. if an admin disables syslog in the console a log is sent before disabling)
- Syslog configuration change (again, before the change is in effect, a log is sent indicating what change is being made)
- New user creation
- User role change (i.e. a user has been granted admin role)
- Keep alive / heartbeat (an "alive" log that is sent every 60 minutes or so to keep the SIEM collector happy)
- Backup session start / end (not a security issue, but probably would be nice to have)

georgi.matev
Veeam Software
Posts: 8
Liked: 7 times
Joined: Feb 04, 2025 12:20 am
Full Name: Georgi Matev [Veeam]

Re: Feature request - Syslog levels

Post by georgi.matev » 2 people like this post

Hi @nhkm

Thank you for the suggestion. We do have on our longer-term roadmap to have more comprehensive auditing (all configuration changes) in the activity stream in addition to backup and restore. There are also separate plans to make that activity available to SIEM solutions.
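
The heartbeat item in the request above is what lets a SIEM notice that a source has gone quiet, for example after syslog forwarding is switched off. The following is an added example, not part of the thread and not Veeam's code: the RFC 5424 layout, the host names, the app name `backup-svc`, the `heartbeat` message text and the 5-minute grace period are all assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample in RFC 5424 layout. Host names, the app name "backup-svc"
# and the "heartbeat" message text are hypothetical, not the product's output.
SAMPLE = """\
<134>1 2025-03-25T00:00:05Z bkp01 backup-svc - - - heartbeat
<134>1 2025-03-25T01:00:04Z bkp01 backup-svc - - - heartbeat
<134>1 2025-03-25T02:00:06Z bkp01 backup-svc - - - heartbeat
<134>1 2025-03-25T03:10:00Z bkp01 backup-svc - - - restore session finished
<134>1 2025-03-25T05:00:03Z bkp01 backup-svc - - - heartbeat
"""

INTERVAL = timedelta(minutes=60)  # heartbeat period suggested in the request
GRACE = timedelta(minutes=5)      # assumed allowance for delivery jitter


def parse_heartbeats(text):
    """Return {host: sorted timestamps} for lines whose MSG is 'heartbeat'."""
    seen = {}
    for line in text.splitlines():
        # PRI+VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID, SD, MSG
        # (assumes structured data is "-", as in the sample).
        parts = line.split(" ", 7)
        if len(parts) < 8 or parts[7].strip() != "heartbeat":
            continue
        stamp = datetime.fromisoformat(parts[1].replace("Z", "+00:00"))
        seen.setdefault(parts[2], []).append(stamp)
    return {host: sorted(stamps) for host, stamps in seen.items()}


def find_gaps(stamps, now):
    """Return (last_seen, silence) for each gap over INTERVAL + GRACE,
    including the trailing gap between the last heartbeat and `now`."""
    limit = INTERVAL + GRACE
    return [(prev, cur - prev)
            for prev, cur in zip(stamps, stamps[1:] + [now])
            if cur - prev > limit]


def silent_sources(text, now, expected_hosts):
    """Map each expected host to its gaps; None means it was never heard from."""
    beats = parse_heartbeats(text)
    return {host: find_gaps(beats[host], now) if host in beats else None
            for host in expected_hosts}


if __name__ == "__main__":
    now = datetime.fromisoformat("2025-03-25T07:00:00+00:00")
    for host, gaps in silent_sources(SAMPLE, now, ["bkp01", "bkp02"]).items():
        print(host, "never seen" if gaps is None else gaps)
```

Only heartbeat lines count toward liveness here, so the restore event at 03:10 does not hide the missed heartbeats around it.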