Audit Log on WSA and ESA
09-22-2020 11:37 PM
Dear Colleagues
I want to configure Audit Log for configuration changes on WSA and ESA.
- How can I configure it to send the audit log to the SIEM?
- How do I give access to the audit log to users logged in to WSA/ESA?
Please advise.
Labels: Email Security
09-23-2020 02:04 AM
Is this device managed by SMA, or managed standalone? In either case the procedure is the same; if you are doing central management, you need to perform it in SMA.
Log in to ESA / WSA / SMA.
System Administration --> Log Subscriptions.
Click Add Log Subscription.
Log type: select audit log from the pull-down menu.
Select the method by which you would like to ship logs to the SIEM.
Hope this helps you.
09-23-2020 08:04 AM
In the GUI, it's under System Administration/Log Subscriptions.
You probably want to turn on "CLI Audit Logs" and maybe "Configuration History Logs".
You'll probably have to write some parsing rules in the SIEM.
Log types, descriptions and log examples are in the online help file.
Ken
