If you have a PAM like Certify should you be get app logs if you already have an agent on all servers?
I was jus looking for opinions so please chime in with any info.
thank you
Hi Tracey,
the Insight agent doesn’t collect application logs natively, we do have a configurable option which would enable the ability to tail any text file on an endpoint. See here: Configure the Insight Agent to Send Additional Logs | InsightIDR Documentation
Essentially you need to configure the logging.json which can be used to collect any UTF-8 text logs, or on Windows Machines (not supported on domain controllers) you can collect all System, Security and Application logs from the windows event logs. It is not configurable to add other .evtx log sources today.
Please let me know if this answers your question.
David
Hello David, think you for replying. I know how to set it up. The question is do you need it if you are getting the login info from the servers already?
Hi Tracey,
are you referring to Asset Authentication logs?
If this covers the requirement then there would be no need to have additional configuration.
David