
Have more details in the logs regarding computer accounts moved/copied/deleted events

Created: 01 March 2012 • Updated: 01 March 2012 | 11 comments
John Q.
22 Agree, 0 Disagree (22 votes)
Status: Reviewed

When we look at system logs in SEPM 11.0 (Monitors > Logs > Log type: System, Log content: Administrative), we can see traces of computers moved, copied or deleted:






| Time Stamp | Admin Name | Event Type | Domain Name | Server Name | Site Name |
|---|---|---|---|---|---|
| 01/03/2012 17:30 | MyAdminName | Computer is deleted | MyDomainName | MyServerName | MySiteName |
| 01/03/2012 17:28 | MyAdminName | Computer is moved | MyDomainName | MyServerName | MySiteName |
| 01/03/2012 17:27 | MyAdminName | Computer is copied | MyDomainName | MyServerName | MySiteName |

However, we do not have detailed information regarding group membership.
For instance, in the case of computer moved, it would be very interesting to see from which group to which group.
In the case of copy, it would be interesting to know to which group.
In the case of deletion, it would be interesting to know from which group.

This would allow us to have more relevant information about administrative operations and to identify unexpected/incorrect move/copy/delete actions.

NOTE: this idea can apply to SEPM 12.1 as well (Event Type strings are slightly different - i.e. "The computer account has been moved to a different group" - but there is still no field for group membership).

Comments

Elisha

Hello John, Thanks for your suggestion.

dcats

Indeed! Well spotted

Vikram Kumar-SAV to SEP

If Audit logs do not please the auditors then it becomes a problem.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

ajhay.siingh

Hi John,

Good idea by you, and we administrators also want this log availability, as you mentioned above, in any fixes or new version of SEPM.

Regards,

AKS

Chetan Savade

It's a really good idea.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Chetan Savade

Similar idea: https://www-secure.symantec.com/connect/forums/auditmonitoring#comment-8843861

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

JUSTICE

Agree with ALL - much needed and required and to echo Vikram "If Audit logs do not please the auditors then it becomes a problem."

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama
