For a list of operating systems where Log Inspection is supported, see Supported features by platform.
The Log Inspection protection module helps you identify important events that might be buried in your operating system and application logs. These events can be sent to a security information and event management (SIEM) system or centralized logging server for correlation, reporting, and archiving. All events are also securely collected in Workload Security. For more information about logging and forwarding events, see Configure Log Inspection event forwarding and storage.
The Log Inspection module lets you:
- Meet PCI DSS log monitoring requirements.
- Detect suspicious behavior.
- Collect events across heterogeneous environments containing different operating systems and diverse applications.
- View events such as error and informational events (disk full, service start, service shutdown, and so on).
- Create and maintain audit trails of administrator activity (administrator login or logout, account lockout, policy change, and so on).
To enable and configure Log Inspection, see Set up Log Inspection.
The Log Inspection feature in Workload Security enables real-time analysis of third-party log files. The Log Inspection rules and decoders provide a framework to parse, analyze, rank, and correlate events across a wide variety of systems. As with intrusion prevention and integrity monitoring, Log Inspection content is delivered in the form of rules included in a security update. These rules provide a high-level means of selecting the applications and logs to be analyzed. To configure and examine Log Inspection rules, see Define a Log Inspection rule for use in policies.
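To illustrate the decoder-and-rule pipeline described above (parse, rank, correlate), here is an added, self-contained Python example; it is not Workload Security code and does not use the product's rule format. The decoder patterns, severity levels, and syslog-style sample lines are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not real Workload Security data).
SAMPLE_LOG = """\
Jan 10 09:01:02 host1 sshd[812]: Accepted password for admin from 10.0.0.5 port 4022 ssh2
Jan 10 09:02:10 host1 systemd[1]: Stopped Apache HTTP Server.
Jan 10 09:03:44 host1 sshd[901]: Failed password for bob from 10.0.0.9 port 4100 ssh2
Jan 10 09:03:45 host1 sshd[902]: Failed password for bob from 10.0.0.9 port 4101 ssh2
Jan 10 09:03:46 host1 sshd[903]: Failed password for bob from 10.0.0.9 port 4102 ssh2
"""

# Decoders turn a raw line into named fields (hypothetical patterns, not the product's own).
DECODERS = {
    "sshd_success": re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
    "sshd_failed": re.compile(r"sshd\[\d+\]: Failed \w+ for (?P<user>\S+) from (?P<src>\S+)"),
    "service_stop": re.compile(r"systemd\[1\]: Stopped (?P<service>.+)\."),
}

# Rules rank each decoded event: (severity level, description). Higher level = more important.
RULES = {
    "sshd_success": (3, "Successful login (administrator audit trail)"),
    "sshd_failed": (5, "Failed login"),
    "service_stop": (4, "Service shutdown"),
}

def decode(line):
    """Return (decoder_name, fields) for the first matching decoder, else None."""
    for name, pattern in DECODERS.items():
        match = pattern.search(line)
        if match:
            return name, match.groupdict()
    return None

def inspect(log_text, threshold=3):
    """Parse, rank and correlate; returns (level, description, fields) tuples, highest level first.
    Correlation: repeated failed logins for one user from one source raise a higher-level event."""
    events, failures = [], defaultdict(int)  # failures: (user, src) -> failed-login count
    for line in log_text.splitlines():
        decoded = decode(line)
        if decoded is None:
            continue  # lines no decoder understands are dropped, as a real engine would
        name, fields = decoded
        level, desc = RULES[name]
        events.append((level, desc, fields))
        if name == "sshd_failed":
            key = (fields["user"], fields["src"])
            failures[key] += 1
            if failures[key] == threshold:
                events.append((10, "Repeated failed logins (correlated)", {"user": key[0], "src": key[1], "count": threshold}))
    return sorted(events, key=lambda e: e[0], reverse=True)
```

Running `inspect(SAMPLE_LOG)` yields the correlated level-10 event first, followed by the individual failed logins, the service shutdown, and the administrator login audit record.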