
Have more details in the logs regarding computer accounts moved/copied/deleted events

Created: 01 Mar 2012 • Updated: 01 Mar 2012 | Comments: 11
John Q.
Votes: +23 (23 agree, 0 disagree)
Status: Reviewed

When we look at system logs in SEPM 11.0 (Monitors > Logs > Log type: System, Log content: Administrative), we can see traces of computers moved, copied or deleted:






| Time Stamp | Admin Name | Event Type | Domain Name | Server Name | Site Name |
|---|---|---|---|---|---|
| 01/03/2012 17:30 | MyAdminName | Computer is deleted | MyDomainName | MyServerName | MySiteName |
| 01/03/2012 17:28 | MyAdminName | Computer is moved | MyDomainName | MyServerName | MySiteName |
| 01/03/2012 17:27 | MyAdminName | Computer is copied | MyDomainName | MyServerName | MySiteName |

However, we do not have detailed information regarding group membership.
For instance, in the case of computer moved, it would be very interesting to see from which group to which group.
In the case of copy, it would be interesting to know to which group.
In the case of deletion, it would be interesting to know from which group.

This would allow us to have more relevant information about administrative operations and to identify unexpected/incorrect move/copy/delete actions.

NOTE: this idea can apply to SEPM 12.1 as well (Event Type strings are slightly different - i.e. "The computer account has been moved to a different group" - but there is still no field for group membership).

Comments: 11

Elisha

Hello John, Thanks for your suggestion.

dcats

Indeed! Well spotted

NRaj

Agreed. This will definitely help us.

w-d

whatispro

It's a good idea for our organization!

Vikram Kumar-SAV to SEP

If Audit logs do not please the auditors then it becomes a problem.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

ajhay.siingh

Hi John,

Good idea, and we administrators also want this log availability, as you mentioned above, in any fix or new version of SEPM.

Regards,

AKS

ikr_mak

Good idea shared by you.

Chetan Savade

It's a really good idea.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Chetan Savade

Similar idea: https://www-secure.symantec.com/connect/forums/auditmonitoring#comment-8843861

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

JUSTICE

Agree with ALL - much needed and required and to echo Vikram "If Audit logs do not please the auditors then it becomes a problem."

Marcus Sebastian Payne
"So cyberspace is real. And so are the risks that come with it."
- President Barack Obama
