A post was made and I was working through some security stuff of my one. I felt inspired to make a post about it. Below is a list of logs we need to review regularly for ServiceNow

Can anyone provide us with Names, Tables, and Sources for the logs listed?

• Authentication successes and failures
• Authorization (access control) failures
• This would be very verbose and you wouldn’t want this.
• Do you mean code failures? They would show up as errors in the logs… but not explicitly listed for an acl, just an code error.
• Application startups and shutdowns
• So. Application startups depends on what you mean “applications”. If you mean NODES than thats on sys_cluster_state in the payload look for servlet.started xml node.
• If you mean something else I don’t think that’s how this works.
• Configuration changes
• this is available on sys_update_xml
• Changes to code files or memory
• This is the same as configuration changes. Servicenow has no files you can modify like a traditional server, at least not that we can access.
• Application errors and system events e.g. syntax and runtime errors, connectivity problems, performance issues, third party service error messages, file system errors
• Input validation failures e.g. protocol violations, unacceptable encodings, invalid parameter names and values
• I’d guess this would be in the syslog_list, but I’m not sure exactly the types of things you’re expecting.
• Output validation failures e.g. database record set mismatch, invalid data encoding
• I’d guess this would be in the syslog_list, but I’m not sure exactly the types of things you’re expecting.
• Session management failures e.g. cookie session identification value modification
• System Properties > glide.ui.strict_customer_uploaded_content_types restricts what can be loaded vs downloaded to stop xss
• System Properties > glide.security.file.mime_type.validation restricts the file’s mime type on upload
• System Properties > glide.ui.strict_customer_uploaded_static_content restricts the files somehow
• System Properties > glide.attachment.extensions restricts the files extensions allowed to be uploaded
• System Properties > glide.image_provider.security_enabled restricts access to uploads to authenticated users
• System Properties > glide.ui.attachment.download_mime_types restricts downloadable mime types