redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License
805 stars, 190 forks

add syslog logging option for atomic execution #113

Closed clr2of8 closed 1 year ago

clr2of8 commented 1 year ago

You can optionally add a syslog server and port to Public\config.ps1 and the default logger will send the atomic execution log to your syslog server as well as write it to disk. If you don't configure a syslog server, everything works the way it did before with just logging to a file.

clr2of8 commented 1 year ago

Those are good questions. The first item had crossed my mind and yes I think this would be good. I'll update it. I have some other additions planned that are going to need a config file so I think we don't need to add command line switch in this case. For the documentation of the config file, I'll add that to the wiki section here once the PR is approved.

clr2of8 commented 1 year ago

I added the config to a custom PowerShell object with a name of artConfig where each setting can be referenced using dot notation like $artConfig.syslogPort
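To illustrate the behaviour described in the PR description and the comment above (a config object read with dot notation, file logging always on, syslog forwarding only when a server is configured), here is an added example. It is not code from the invoke-atomicredteam project; the property names beyond `syslogPort`, the log path, the function names and the RFC 5424 message layout are assumptions made for the example.

```powershell
# Added example (not the project's code). A config object in the shape the PR
# describes, with dot-notation access such as $artConfig.syslogPort.
# Property names other than syslogPort, and the log path, are assumptions.
$artConfig = [PSCustomObject]@{
    logPath      = Join-Path $env:TEMP 'atomic-execution.log'  # assumed path
    syslogServer = ''        # empty = no syslog server, file logging only
    syslogPort   = 514       # assumed default UDP syslog port
}

function ConvertTo-SyslogMessage {
    # Build an RFC 5424 line: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
    param(
        [Parameter(Mandatory)][string]$Message,
        [int]$Facility = 1,   # user-level messages
        [int]$Severity = 6,   # informational
        [string]$AppName = 'Invoke-AtomicTest'  # assumed app name
    )
    $pri       = ($Facility * 8) + $Severity
    $timestamp = (Get-Date).ToUniversalTime().ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'")
    $hostname  = [System.Net.Dns]::GetHostName()
    return "<$pri>1 $timestamp $hostname $AppName $PID - - $Message"
}

function Write-AtomicExecutionLog {
    # Hypothetical logger: always appends to disk; forwards to syslog only
    # when $Config.syslogServer is set, so an empty config keeps the old behaviour.
    param(
        [Parameter(Mandatory)][string]$Message,
        [Parameter(Mandatory)][PSCustomObject]$Config
    )
    $line = "{0:yyyy-MM-dd HH:mm:ss} {1}" -f (Get-Date), $Message
    Add-Content -Path $Config.logPath -Value $line

    if ([string]::IsNullOrWhiteSpace($Config.syslogServer)) { return }

    $payload = ConvertTo-SyslogMessage -Message $Message
    $bytes   = [System.Text.Encoding]::UTF8.GetBytes($payload)
    $udp     = New-Object System.Net.Sockets.UdpClient
    try {
        [void]$udp.Send($bytes, $bytes.Length, $Config.syslogServer, [int]$Config.syslogPort)
    } finally {
        $udp.Close()
    }
}

# Usage with a constructed sample message; set $artConfig.syslogServer to a
# collector address to see the same record arrive over UDP as well.
Write-AtomicExecutionLog -Message 'Executing atomic test <TEST-ID-PLACEHOLDER> (constructed sample)' -Config $artConfig
```

The check on `syslogServer` is what preserves the "works the way it did before" guarantee from the PR description: a config file that never sets a server produces only the on-disk log. The RFC 5424 formatting in `ConvertTo-SyslogMessage` is one way to meet the "proper syslog format" goal mentioned later in the thread, so a collector can parse priority, timestamp and host from the line rather than receiving free text.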

clr2of8 commented 1 year ago

Moving to draft because I want to update to use proper syslog format first

clr2of8 commented 1 year ago

Closing for now, will submit a fresh PR when ready.