[SERVER-12453] Support logging/auditing to the Windows Event Log Created: 23/Jan/14 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Logging |
| Affects Version/s: | 2.5.4 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Andreas Nilsson | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 3 |
| Labels: | Auditing, Windows, community-team, platforms-re-triaged | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows |
||
| Issue Links: |
|
||||
| Assigned Teams: |
Server Security
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Participants: | |||||
| Description |
|
There is currently no support for sending logs to the Windows Event Log. Windows Event Log is the standard way of logging on Windows so it's a long-term "should have" feature. This should include normal logs as well as audit logs. Implementation steps: |
| Comments |
| Comment by Mike Button [ 22/Sep/14 ] |
|
Alert monitoring is handled by our Data Management Centre. |
| Comment by Mark Benvenuto [ 23/Jan/14 ] |
|
We also need to evaluate how this will integrate with our ETW story. We will need to decide what log content goes to each and under which verbosity level. Windows Event Log is not designed for a high volume of logs while ETW is. Windows Event Log is easier to alert for administrators. |