From 2792cff2db08a9265aea086345fd502176d6c1d3 Mon Sep 17 00:00:00 2001
From: Dominik Britz
Date: Fri, 12 Jul 2024 13:18:04 +0200
Subject: [PATCH] Added event log config

---
 config/uberAgent-ESA-eventlog-windows.conf | 34 ++++++++++++++++++++++
 config/uberAgent-ESA-eventlog.conf | 2 ++
 config/uberAgent-ESA.conf | 5 +++-
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 config/uberAgent-ESA-eventlog-windows.conf
 create mode 100644 config/uberAgent-ESA-eventlog.conf

diff --git a/config/uberAgent-ESA-eventlog-windows.conf b/config/uberAgent-ESA-eventlog-windows.conf
new file mode 100644
index 00000000..4fafcddb
--- /dev/null
+++ b/config/uberAgent-ESA-eventlog-windows.conf
@@ -0,0 +1,34 @@
+############################################
+#
+# uberAgent ESA Event Log configuration
+#
+# Uncomment the examples below or create your own configuration.
+#
+############################################
+
+# # Collect Information events from the Security log as soon as they occur. Collecting on demand can be resource intensive.
+# [EventLog Name=OnDemand-Security-Events]
+# EventLog = Security
+# LevelName=Information
+
+# # Timer based collection of Error and Warning events from the Application and System log
+# [Timer]
+# Name = Eventlog
+# EventLog=TimerBased-Application-Errors-Warnings, TimerBased-System-Errors-Warnings
+# Interval=60000
+
+# [EventLog Name=TimerBased-Application-Errors-Warnings]
+# EventLog = Application
+# LevelName=Error,Warning
+
+# [EventLog Name=TimerBased-System-Errors-Warnings]
+# EventLog = System
+# LevelName=Error,Warning
+
+# # Collect Information events from the provider "Windows Error Reporting" in the Application Log that have a BucketType of 5
+# [EventLog Name=OnDemand-WER-Events]
+# EventLog = Application
+# Provider=Windows Error Reporting
+# EventFilterXPath=*[EventData[Data[@Name='BucketType']=5]]
+# EventID=1000,1001
+# LevelName=Information
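Review bot: The list values in the commented examples use inconsistent separators: `EventLog=TimerBased-Application-Errors-Warnings, TimerBased-System-Errors-Warnings` has a space after the comma while `LevelName=Error,Warning` and `EventID=1000,1001` do not, so a user who uncomments the `[Timer]` stanza relies on the parser trimming whitespace inside list values, which nothing in this file states. I would write it as `EventLog=TimerBased-Application-Errors-Warnings,TimerBased-System-Errors-Warnings` to match the other examples, and likewise settle on one of `Key = Value` / `Key=Value` throughout, since the file mixes `EventLog = Security` with `LevelName=Information`. The `Interval=60000` value carries no unit; a comment such as `# Interval is in milliseconds (60000 = one minute)` would help, provided that is the unit — I cannot confirm it from this file. The WER example's heading mentions only the BucketType condition, yet the stanza also restricts to `EventID=1000,1001`; extending that comment to name the event IDs would describe the filter's full intent.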
diff --git a/config/uberAgent-ESA-eventlog.conf b/config/uberAgent-ESA-eventlog.conf
new file mode 100644
index 00000000..796a1879
--- /dev/null
+++ b/config/uberAgent-ESA-eventlog.conf
@@ -0,0 +1,2 @@
+# Event log configuration
+@ConfigInclude uberAgent-ESA-eventlog-windows.conf platform=Windows
diff --git a/config/uberAgent-ESA.conf b/config/uberAgent-ESA.conf
index eac198f5..cf13333d 100644
--- a/config/uberAgent-ESA.conf
+++ b/config/uberAgent-ESA.conf
@@ -40,4 +40,7 @@
 # vast limits Security & Compliance Inventory checks
 @ConfigInclude uberAgent-ESA-si-vastlimits-windows.conf platform=Windows
-@ConfigInclude uberAgent-ESA-si-vastlimits-macos.conf platform=macOS
\ No newline at end of file
+@ConfigInclude uberAgent-ESA-si-vastlimits-macos.conf platform=macOS
+
+# Event log configuration
+@ConfigInclude uberAgent-ESA-eventlog.conf
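Review bot: The new `@ConfigInclude uberAgent-ESA-eventlog.conf` line carries no `platform=` qualifier, unlike the two vastlimits includes directly above it; that looks intentional, since uberAgent-ESA-eventlog.conf in the previous hunk gates its only include with `platform=Windows`, but a short comment at the new line, e.g. `# platform selection happens inside uberAgent-ESA-eventlog.conf`, would spare the next reader the detour. The hunk header announces 4 old / 7 new lines while only 3 / 6 are visible here, so a blank context line was probably lost when this patch was flattened; that is a presentation artifact of this copy, not a defect in the change. Restoring the trailing newline on the macOS include line is a welcome side fix.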