Hi,
I try to ship nextcloud log to Trellix SIEM. I use syslog methot and I send onlt admin_audit logs. I noticed that the audit log does not include the username in the logout action section.
Such as:
<14>Jul 22 15:51:50 bulut nextcloud[124246]: {“reqId”:“pXtf0KeAWnYciah8Utpw”,“level”:1,“time”:“22.07.2024, 15:51:50”,“remoteAddr”:“10.65.8.100”,“user”:“2BE98F99-8969-4CEA-9F71-FC6CB5970795”,“app”:“admin_audit”,“method”:“GET”,“url”:“/nextcloud/logout?requesttoken=LBR7uxuwKwqDx5YRGX%2FaV2LW1q8JLC1OMlBQtd2ztXI%3D%3AaCFUymmDckDJq%2B9zcwqTOgSA5cdLSmdlBSUk2oqY9Dk%3D”,“message":"Logout occurred”,“userAgent”:“Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36”,“version”:“28.0.7.4”,“data”:{“app”:“admin_audit”}}
So, how can I get this detail in log?
Regards,