Forum Discussion
Anonymous
2 years agoThat’s for Audit logs or Collector logs, I presume?
Audit logs to LM Logs
There is no API endpoint to extract logs from LM Logs.
I’m not talking about extracting them from LM Logs. I’m talking about getting it directly from the audit logs and sending to the SIEM. There’s no API for a lot of things.
For the Audit Logs question, there is also a Community LogSource, “LM Audit Logs”, Locator: 43W643, that may be of interest.
Props to Thomas, but there’s a high probability of logs getting missed using that method. Gotta use the script cache to recall the timestamp of the oldest log fetched during the previous poll. Mine gets down to the second (or ms?) and makes sure there are no missed entries.
Related Content
- 3 months ago
- 5 months ago
- 5 months ago