I'm dealing with a situation where I need to create and manage logs across various machines in my network for auditing purposes. We have a mix of workstations and domain controllers, and they're often air-gapped. I'm trying to streamline the process of collecting logs from these systems. My main dilemma is whether I should have the audit script run from the security server and fetch logs from each machine, or if I should run the audit script on each individual computer and have them send the logs back to the security server. I'm worried about figuring out the correct paths for these logs without hardcoding them in the scripts. Previously, the setup was a bit of a mess, and I'm looking for a more structured approach this time. I've heard about using registry keys for path management, but I'm unsure if that's a good practice. Any advice would be greatly appreciated!
2 Answers
I've been in similar situations. In my case, I've opted to use a script on each machine that collects the logs and then sends them back to a designated server share. It helps to automate it, and I usually handle paths dynamically so that they're not hardcoded. If you start running into access issues trying to write to a network share, you might want to look at permissions. Ensuring the script has the right access can really help. I also like to store the paths in a config file that's easy to modify on the fly.
From my experience, running the script as a startup item on each PC has worked well. The scripts then either save logs directly to a central share or even send them to a cloud API if that's an option. This way, you ensure that each machine handles its logging without hardcoding specific paths into your scripts. Plus, if you're using something like PowerShell, you can set it up to log the output nicely. Just keep an eye on permissions, as always!
I agree! Also, I found that creating a small local service that the scripts can communicate with helps manage paths more flexibly. You could explore that option if you want something a little more robust.
That's a great approach! I also recommend using environment variables for paths—I found it makes things easier when you're deploying on different machines. Just make sure all the machines can resolve the paths correctly.