SIEM and Syslog Integration
Solution Overview
Kron PAM can send logs to SIEM systems via the UDP or TCP protocol. RFC 5424 and RFC 3164 formats are supported. The SIEM module can forward the created syslog packets to the predefined syslog server.

Below are the syslog types which can be sent:

- Auth Log: Contains authentication logs.
- Command Log All: Contains only the Kron PAM proxy command logs.
- Command Log Command: For SSH sessions, executed commands are logged, and SIEM can receive them.
- Command Log File Transfer: For RDP sessions, transferred files are logged, and SIEM can receive them.
- Command Log Key Log: For RDP sessions, keyboard input is logged, and SIEM can receive it.
- Event Log: Contains almost all activities in Kron PAM. Detailed event types are given in Appendix 1 of this document.
- HTTP Proxy Log: Contains HTTP proxy logs, which are in the HTTP Proxy Log screen in the product.
- Vault Discover New Users Log: Contains vault new user logs.
- Script Player Log: Contains PTA script player logs, which are in the Script Player Log screen in the product.
- Session Log: Contains session logs, which are in the product's Session Log screen.
- TACACS Log: Contains TACACS accounting logs, which are in the TACACS Account Log screen in the product.
- Threat Analytics Log: Contains threat analytics logs, which are in the Threat Analytics dashboard in the product.

The above log types may differ from release to release as development goes on. All logs are always covered for sending to SIEM.
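Because either RFC 5424 or RFC 3164 framing can arrive at the syslog server, the receiving side has to tell the two apart before it can extract fields. The following is an added example, not Kron PAM code: a receiver-side parser for one already-delimited message, which also rejects an out-of-range priority. The host names, application names and message bodies are constructed and do not reflect the product's actual log content.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) "
    r"(-|(?:\[.*?(?<!\\)\])+)(?: (.*))?$", re.S)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def parse_syslog(raw: bytes) -> dict:
    """Classify one received syslog message as RFC 5424 or RFC 3164 and split it."""
    line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    m = RFC5424.match(line)
    if m:
        rec = {"format": "rfc5424", "timestamp": m[3], "host": m[4], "app": m[5],
               "procid": m[6], "msgid": m[7], "sd": m[8], "msg": m[9] or ""}
    else:
        m = RFC3164.match(line)
        if not m:
            return {"format": "unknown", "raw": line}
        tag, sep, msg = m[4].partition(":")
        if not sep:  # no "TAG:" prefix, keep the whole remainder as the message
            tag, msg = "", m[4]
        rec = {"format": "rfc3164", "timestamp": m[2], "host": m[3],
               "app": tag, "msg": msg.lstrip()}
    pri = int(m[1])
    if pri > 191:  # PRI = facility * 8 + severity, facility is 0..23
        return {"format": "unknown", "raw": line}
    rec["facility"], rec["severity"] = pri >> 3, SEVERITIES[pri & 7]
    return rec


# Constructed sample messages (not real Kron PAM output)
SAMPLES = [
    b'<86>1 2024-05-01T10:15:30.000Z pam-gw.example.test authlog 1234 ID47 - user=alice result=success',
    b'<86>1 2024-05-01T10:15:31Z pam-gw.example.test authlog - - [meta@32473 user="alice"] login ok',
    b"<38>May  1 10:15:30 pam-gw sessionlog: session opened",
    b"<999>1 2024-05-01T10:15:30Z host app - - - bad priority",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_syslog(s))
```

Messages that match neither format come back as `unknown` with the raw line preserved, so they can be counted and alerted on rather than silently dropped.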