In SA 10.3.5 I need to capture admin activity log regarding
- failed login
In Envision, there was reports regarding these informations, but I don't find in SA.
Can you help me please?
Thanks a lot
I spoke with one of the product experts and he says this is now possible in version 10.4 and is working on a parser which he will post here. He is checking to see if it will work in 10.3.4.
We had been told previously, aka 10.3.3, /var/log/messages was it.... until 10.4.
This might be helpful
Security Analytics Parser v2.0.zip
Thanks a lot Leornard.
I really appreciate it.
Thanks for sharing this useful parser, but I am not able to download the same.
Will you please upload it again or send it to me directly?
Thanks in advance.
Retrieving data ...