Forum Discussion
leoschroer
Nov 25, 2020 Copper Contributor
Keep Log Collector running
Hi, I have deployed a log collector for Cloud App Security in a Docker container on a Windows Server 2019 VM. Our FortiGate firewall is pushing syslog messages to this log collector, which ingest...
Dean_Gross
Dec 21, 2020 Silver Contributor
don't log off 🙂
A user must be signed in for Docker to collect logs. We recommend advising your Docker users to disconnect without signing out. from https://docs.microsoft.com/en-us/cloud-app-security/discovery-docker-windows
leoschroer
Dec 21, 2020 Copper Contributor
Keeping a disconnected user session in memory will allow an attacker to compromise the server. Wouldn't it be wise to always log off disconnected RDP sessions on servers, to reduce attack surface? Therefore, we have a GPO set that logs off every RDP session on our servers that has been disconnected for 10 minutes.
Isn't there a way to keep the container running as a service, while there is no user session active on the server?
JanBakker
Dec 21, 2020 Iron Contributor
leoschroer, not many options here:
I would suggest that you add this system to your Tier 1 servers, and not apply any GPO that logs off users from disconnected sessions. It's best to use a dedicated server, with least privileged access, and well-documented procedures.
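An added audit script for the collector host, not posted by anyone in this thread: it reports the three states the discussion trades off against each other, the GPO-backed disconnected-session time limit, whether an interactive session is currently signed in, and whether the collector container is running. The container name is an assumption.

```powershell
# Added example (not from the thread): audit a Windows Server host that runs the
# Cloud App Security log collector in Docker. Run in an elevated PowerShell session.
$ContainerName = 'cas-log-collector'   # assumption: the name given to 'docker run --name'

# 1. Effective policy "Set time limit for disconnected sessions".
#    The GPO writes MaxDisconnectionTime (milliseconds) under the Policies hive.
#    Absent = not configured by policy; 0 = "Never".
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$limit = (Get-ItemProperty -Path $policyPath -Name MaxDisconnectionTime `
            -ErrorAction SilentlyContinue).MaxDisconnectionTime
if ($null -eq $limit) {
    Write-Output 'Disconnected-session time limit: not configured by policy'
} elseif ($limit -eq 0) {
    Write-Output 'Disconnected-session time limit: Never (disconnected sessions are kept)'
} else {
    Write-Output ('Disconnected-session time limit: {0} minutes (collector stops when the session is logged off)' -f ($limit / 60000))
}

# 2. Interactive sessions. The collector only runs while a user is signed in;
#    a session in state 'Disc' is the "disconnected without signing out" case.
#    'query user' exits non-zero when nobody is signed in.
$sessions = & query user 2>$null
if ($LASTEXITCODE -ne 0 -or -not $sessions) {
    Write-Output 'Interactive sessions: none (the collector is not collecting right now)'
} else {
    $sessions | Select-Object -Skip 1 | ForEach-Object {
        $state = if ($_ -match '\bDisc\b') { 'disconnected' } else { 'active' }
        Write-Output ("Interactive session ({0}): {1}" -f $state, $_.Trim())
    }
}

# 3. Container state, as Docker sees it. '--filter name=' is a substring match,
#    so the result is compared against the exact expected name.
$running = & docker ps --filter "name=$ContainerName" --filter 'status=running' `
              --format '{{.Names}}' 2>$null
if ($running -contains $ContainerName) {
    Write-Output "Collector container '$ContainerName': running"
} else {
    Write-Output "Collector container '$ContainerName': NOT running"
}
```

On the dedicated Tier 1 host the thread recommends, the expected output is a time limit of "Never" or "not configured", one disconnected session, and a running container; a 10-minute limit with no session is the failure mode the original poster described.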