A way to feed an external SIEM system with audit logs in real time.
Are you looking for a specific SIEM solution here?
No, just a way to export logs from UMS to any log system in real time.
Cannot tell too much for the moment, but the new UMS in 2022 might bring some “Insight service” which might fit here, at least partially. Will keep the IGEL Community posted.
The easiest way to accomplish this would be to have an option to feed a syslog server. Of course, the bigger issue is how much logging, and how verbose, you enable on a thin client without hijacking too many resources or burning up the small SSD with writes. An in-memory/virtual filesystem would be preferred, but might not be desirable depending on your forensic requirements.
Any update on this? Will log forwarding from UMS Server be implemented in upcoming versions?