Hi,
Syslog server integration really must be improved.
There are 4 main points to be enhanced in PAM:
1. The idea is to implement in PAM the possibility of sending CEF events via Syslog rather than using JSON format. CEF would be great for integrating PAM audit logs with a SIEM, especially ArcSight.
2. Please let users choose between UDP and TCP as the forwarding protocol, instead of using just TCP as in the current implementation.
3. Audit Events must include the Access Control module, instead of just Command Control.
4. For high availability, we should be able to add more than one syslog server, or to select a different syslog server based on domain/site/audit zone.
Thanks,
Stefano