Endpoint Centralized Logging

Introduction

During an IT security incident, logs help determine what happened and when. Attackers often delete or modify local logs, so the IT Security Office requires remote, centralized logging for all high-risk endpoints.

Procedure

  1. Meet the Standard for Information Technology Logging requirements.
  2. Forward logs to the University Central log server or an ITSO-authorized log server.
  3. Log servers should forward logs to the University Central log server.

Other

If you have questions that are not covered in this procedure, please contact the Virginia Tech IT Security Office at itso@vt.edu for a consultation.

Resources

Getting Started with Central Log Service (CLS)