Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system
Questions tagged [audit]
325 questions
0
votes
2 answers
Network-wide audit / discovery / asset tracking / license tracking
I'm interested in network wide audit info, and after some recommendations:
OS (mainly Windows; ideally server and workstation)
apps (for license tracking)
etc
Happy to consider free and commercial (although free covered here) - or even outsourced…

Marc Gravell
- 704
- 6
- 19
0
votes
2 answers
Exchange 2013 - no admin and mailbox audit logs
I recently installed on a new network Exchange 2013. I noticed that my admin audit logs and mailbox audit logs are empty. I did Search-AdminAuditLog and Search-MailboxAuditLog and it brought no results, even though it is enabled in each mailbox…

Ashley
- 1
- 1
0
votes
1 answer
Where does Solaris 10 keep a log of pfexec attempts?
I assigned a user the "User Security" profile so that they could reset user passwords and unlock accounts.
Does Solaris keep a record of whenever users execute pfexec?
I didn't see any records in /var/adm/messages. I didn't see anything in the audit…

roartechs
- 231
- 1
- 3
- 10
0
votes
1 answer
How to audit/log only denied Windows Firewall connections
Is it possible through Group policy (or other ways?), to force all my Windows Server and Client computers to turn on network connection audit logging, but only for denied network connections, without logging successful connections?
My current…

Hrvoje Kusulja
- 264
- 1
- 11
0
votes
1 answer
howto logging attribute add/modify in openldap
I want to remain log in openldap for audit.
So I add olcAuditlogConfig. But olcAuditlogConfig remain the ldapadd, ldapmodify, ldapdelete... cmd.
We used phpldapadmin, not log remain.

Cholho Lee
- 21
- 5
0
votes
1 answer
Advanced Policy Analysis
I am trying to find a way to analyze the Advanced Audit Policies. Something like the Security Configuration and Analysis tool. This tool works for the local policy, but doesn't work for the Advanced Audit Policies. I am on Server 2008. Is…

Tiffany
- 1
0
votes
1 answer
Get actions/command history log?
Server Management website takes control of the server. So for example I press save button which will then update the configuration on Linux Server. It logged onto server and then updated a config file.
Example Auth Log:
Aug 13 20:07:19 ladev…

I'll-Be-Back
- 693
- 3
- 10
- 25
0
votes
2 answers
Sending Red Hat audit logs to Windows Share
I am trying to figure out the best way to offload audit logs from a single Red Hat server to a Windows share. What is the best way to do this without installing any additional software on the Windows Side? I am using Audisp as my logging…

elderberries
- 11
- 1
0
votes
1 answer
Centos Audit.log is full of no relevant information
My audit.log file is full of information that I don't need (and want to disable).
A lot of log lines like:
type=SYSCALL msg=audit(1467201475.671:36911834): arch=c000003e syscall=2 success=yes exit=49 a0=7f770ed9f318 a1=0 a2=0 a3=7f7712c00000 items=1…

abovebeyond15
- 3
- 1
- 4
0
votes
3 answers
AD query to see what PCs a user has logged onto recently
Is there any way to run a query in AD to check what PCs a user has logged into recently?
regards
Mike
Mike
0
votes
1 answer
Network maps, best admin practises and how they saved your ass?
I am reviewing the security of a (quite large) network.
There are some thousands of switches, several hundred routers, several hundred access points, tenths of FW, IPS, and so on. PCs and servers are on the bazillion side of the scale.
I have asked…

Iñigo García
- 3
- 3
0
votes
1 answer
How can I process auditd logs on the fly using ausearch?
I want to ship off logs into centralized logging (ELK). Because of the way things are, I need to do the processing on the machine that creates the logs. How can I get each new auditd event to automatically be processed by ausearch and written to…

devinov
- 153
- 1
- 6
0
votes
0 answers
Can't start auditctl in Ubuntu 14.04
When I'm trying to start auditctl in my terminal (vds container ubuntu 14.04) I have the message:
The audit system is disabled
in audit.log:
type=DAEMON_START msg=audit(1453274392.823:9236): auditd start, ver=2.3.2 format=raw kernel=2.6.32 auid=0…

nobilik
- 101
- 3
0
votes
1 answer
Missing Account audit events on DC's
I recently discovered that all of our Domain controllers (2008 R2, domain and forest functional level is 2008 R2) are no longer logging AD account logon events to the Security Log.
The Default Domain Controllers GPO:
Audit account logon events -…

Graham
- 33
- 1
- 1
- 6
0
votes
0 answers
Audit Group Object Use?
Say you have a Security group. It's undocumented, nobody knows "what" it does, but everybody "knows" it is used for something.
If some application (SQL Server or some random web app) for instance, uses this AD group object as a reference for certain…

benignadmin
- 53
- 1
- 1
- 7