A user asked about syslog functionality for shipping ControlUp logs to their SIEM, as they are exclusively Edge DX customers. Another user suggested extracting the logs through the APIs and mentioned a cloud-hosted Splunk integration. The thread also covers the Windows event log entries written on endpoints, including the event IDs for remote control/shadow sessions and remote shell sessions. Mac logs are kept separately by the agent and can be retrieved with a specific command. An event staffer confirmed the information with support.
Read the entire ‘ControlUp Logs and Syslog Functionality for Edge DX Users’ thread below:
We are exclusively Edge DX customers. Is there any syslog functionality that we can use to ship ControlUp logs to our SIEM tool in this use case?
Only thing you can do atm is to extract them using the APIs. All actions on the endpoint are also logged in the Windows event logs on those machines.
I know we were looking at connecting to a cloud-hosted Splunk, for example, but no idea about the state of that. Do you know anything more about it @member?
Oh, actions on endpoints are logged in Windows? Interesting
Circling back to this, @member. Can you please point me to the event IDs we should be looking for on endpoints? And similarly, are all events logged for Macs that are controlled/shadowed remotely? Is this documented somewhere that you can point me to?
I found at least a few of them @member. It looks like the events are all saved in Windows Logs\Application. Event IDs 50 and 51 are for remote control/shadow connect/disconnect respectively, 80 is for remote shell sessions started, and 20 is for remote shell commands.
Still would like to know about macs, please
For Macs we keep them in our own log, as there isn’t a similar system like event logs. You can use this to grab logs: /usr/local/com.controlup.edgedx.agent/Bin/AgentAssist logs
I am at an event right now, let’s see if I can pull someone in from support.
Talked to a support guy and he confirmed that cmdline, so if you need anything else or are missing something please open a support ticket.
Excellent. Thank you!
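The thread names four Application-log event IDs (50/51 remote control connect/disconnect, 80 remote shell started, 20 remote shell command) but no syslog path for Edge DX-only customers. As an added example (not ControlUp's code and not from the thread), the script below pulls those events from the Windows Application log and forwards them to a SIEM collector as RFC 5424 syslog over UDP. The collector hostname, port, and the agent's event provider name are assumptions: the thread does not state the provider, so leave $ProviderName empty until you have confirmed it in Event Viewer, bearing in mind that filtering by ID alone can match other sources that reuse the same numbers.

```powershell
# Added example: forward ControlUp Edge DX remote-access events from the
# Windows Application log to a SIEM as RFC 5424 syslog (UDP).
# Assumptions not stated in the thread: collector host/port and the
# agent's ProviderName (placeholder, confirm locally before relying on it).
param(
    [string]$SiemHost = 'siem.example.internal',   # placeholder collector
    [int]$SiemPort = 514,
    [string]$ProviderName = '',                    # placeholder, confirm in Event Viewer
    [datetime]$Since = (Get-Date).AddHours(-1)
)

# Event IDs named in the thread (Windows Logs\Application)
$EventNames = @{
    50 = 'RemoteControlConnect'
    51 = 'RemoteControlDisconnect'
    80 = 'RemoteShellStarted'
    20 = 'RemoteShellCommand'
}

$filter = @{ LogName = 'Application'; Id = @($EventNames.Keys); StartTime = $Since }
if ($ProviderName) { $filter['ProviderName'] = $ProviderName }

# Returns $null (no error) when nothing matched in the window
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$udp = New-Object System.Net.Sockets.UdpClient
try {
    foreach ($e in $events) {
        # PRI 86 = facility 10 (security/auth) * 8 + severity 6 (informational)
        $ts       = $e.TimeCreated.ToUniversalTime().ToString('o')
        $hostname = $env:COMPUTERNAME
        $msg      = ($e.Message -replace '\s+', ' ').Trim()
        # RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
        $line  = "<86>1 $ts $hostname ControlUpEdgeDX - $($e.Id) - " +
                 "name=$($EventNames[[int]$e.Id]) user=$($e.UserId) $msg"
        $bytes = [Text.Encoding]::UTF8.GetBytes($line)
        [void]$udp.Send($bytes, $bytes.Length, $SiemHost, $SiemPort)
    }
}
finally { $udp.Close() }
```

Run it from a scheduled task at an interval matching $Since so no window is skipped, and build detections on IDs 80 and 20 (remote shell) rather than only on the connect/disconnect pair.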