by antoncohen
2981 days ago
To address logging offline you need a log shipper that will do reliable logging and pick up where it left off. I think rsyslog, Elastic Beats, and Splunk forwarder will all do that. Then logs are sent when a machine connects to a network.

For mobile (online but outside corporate network) there are two options I've heard of being done:

1. Have each endpoint have a unique TLS certificate, and have the log shipper do mutual TLS to the logging server which has a public IP.
2. Have a backhaul VPN that is always connected, automatically, to the monitoring network, and send the logs over that. That VPN is different than the user VPN that gives access to the corporate network.
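An added example, not part of the comment above: an rsyslog configuration for option 1, where each endpoint forwards over mutual TLS and a disk-assisted queue holds logs while the machine is offline. The hostnames, certificate paths, file names and queue size are assumptions; the CA is assumed to be a private one that signs both the collector and the per-endpoint certificates.

```conf
# --- Endpoint: /etc/rsyslog.d/60-forward.conf (file name is an assumption) ---
global(
    workDirectory="/var/spool/rsyslog"            # where queue files are written
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    # Unique certificate and key per endpoint, so one device can be revoked
    defaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/endpoint.pem"
    defaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/endpoint.key"
)

action(
    type="omfwd"
    target="logs.example.com" port="6514" protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"                          # 1 = TLS required
    StreamDriverAuthMode="x509/name"              # verify the collector's cert name
    StreamDriverPermittedPeers="logs.example.com"
    # Disk-assisted queue: messages spill to disk while the collector is
    # unreachable and are sent, in order, once the connection comes back.
    queue.type="LinkedList"
    queue.filename="fwd_logs"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"                     # keep the backlog across reboots
    action.resumeRetryCount="-1"                  # retry forever instead of dropping
)

# --- Collector: /etc/rsyslog.d/10-tls-input.conf (file name is an assumption) ---
global(
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    defaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/collector.pem"
    defaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/collector.key"
)

module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    # x509/name makes the collector demand a client certificate signed by the
    # CA above and match its name against PermittedPeer; "anon" would accept
    # any client, which is not acceptable on a public IP.
    StreamDriver.AuthMode="x509/name"
    PermittedPeer=["*.endpoints.example.com"]
)

input(type="imtcp" port="6514")
```

Running `rsyslogd -N1` on each side checks the configuration syntax before the service is restarted.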