Cyber Security has developed a simple process to allow campus units to forward Windows event logs to a central logging server. There are plans for Georgia Tech Information Technology to provide this processes as a part of an overall Central logging service for the entire campus. We are in an early adopters phase but you are welcome to apply the group policy and start forwarding your logs if you are willing to deal with minimal support at this time. The Cyber Security team or the Log Management team will maintain the below GPO if any changes are needed to meet the growing needs of this service.
Apply a group policy called: _Campus- NIST800-171-Central-Logging
Done – mark this task off of your security checklist!
If you need help or more information about this process please submit a ticket to firstname.lastname@example.org.