Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
0 votes, 1 answer

Cannot limit file access auditing on Windows Server 2019

I'm trying to implement file access auditing on a Windows Server 2019 machine with mixed success. The server in question is a member server, but not a domain controller. I have enabled success auditing using a GPO in Computer Configuration |…
0 votes, 1 answer

Send Kubernetes audit logs to multiple servers

How to send k8s audit logs to multiple servers/endpoints? I tried to pass multiple --audit-webhook-config-file arguments to kube-apiserver, add another cluster to the webhook config file, but these modifications are invalid and the kube-apiserver…
Petr Javorik
0 votes, 0 answers

In GitHub, is there a filter I can use to see admin activity in the Audit log?

Is there a specific search filter I can use to see all admin activity in the Audit log in GitHub? I'm specifically looking for admin changes to repository merge checks and any instance of an admin overriding merge checks in order to merge a PR. Is…
Chris Williams
0 votes, 1 answer

Sysprep without audit mode?

In preparing a (Windows 7) machine for cloning, does one need to run it in audit mode before installing/customising? I have a customised machine I would like to sysprep and clone, without having to re-create in audit mode. And from where does one…
askvictor
0 votes, 0 answers

Audit who calls binary

Need to get the parent process and/or user of curl that, I know, starts from time to time on some server. Audit is used by others, so I cannot trivially configure it. Are there any other tools?
Chenger
0 votes, 0 answers

Windows 2019: Audit policy being overwritten by "something"

I have a similar problem to the one described in the thread below: Audit policy being overwritten by "something". Unfortunately, deletion of audit.csv did not help. Let me summarize the problem: we are using basic auditing in our env, that means settings below is…
0 votes, 0 answers

Why AlmaLinux is hanging overnight with auditlog

Hey, there is a hosting server. Overnight my server hung and I had to restart it in the morning to get it back online, and I saw this error in my console (you can see the picture). Please help me. https://i.stack.imgur.com/RKwlF.png
0 votes, 2 answers

How do I figure out who is using SQL Server?

I asked this question yesterday but it disappeared :(. Anyway, I have a SQL Server that I want to decommission and need to figure out who is relying on it. There could be a bunch of tools and users relying on it. Other than a SQL trace to track…
brentserbus
0 votes, 0 answers

Auditing Domain Administrators - Best practice / Advice needed please

Please do advise if I am posting in the wrong place, I have not found this the easiest site to navigate (or maybe it is me...). I have been tasked with auditing and fixing our privileged accounts after a Microsoft CSAT scan. I have inherited an…
0 votes, 0 answers

For auditing purposes, how can we record all commands executed inside a Kubernetes container?

We have enabled Kubernetes audit logging that records the orchestration-related activity. Also, the underlying host audit logs have been enabled to capture the commands executed on the host. But, once we log in inside a K8s container, how can we…
Prasad
0 votes, 0 answers

Exchange 2013 Search Admin Audit Log Error

I am hoping someone can help me with an issue I can't seem to get past. I am trying to search the admin audit log on an Exchange 2013 server. Here is the error. The attempt to search the administrator audit log failed. Please try again later. +…
0 votes, 0 answers

Auditd service mysteriously stopped after 2 minutes on Ubuntu

ubuntu:~$ systemctl status auditd ● auditd.service - Security Auditing Service Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled) Active: inactive (dead) since Tue 2022-09-27 15:45:46 UTC; 1h 45min ago …
q85ts
0 votes, 1 answer

Can I see a printer's log about who connected to a network printer?

There's been a problem at work about a given printer that you have to connect to using a printers' server. I don't control the server itself, but if there's a log that I can request from the server administrator, then maybe I could find out who added…
newbie
0 votes, 0 answers

Windows audit "Removable Storage" not generating an event for file deletion

I have a Windows 10 system on which I have enabled removable storage audits (via GPO: Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Object Access -> Audit…
0 votes, 1 answer

Losing Audit Logs When Tracing a Container

As you know, Linux Audit is not installed on Ubuntu Focal by default. I installed it, and my goal is to trace what containers do. I have this seccomp profile: { "defaultAction": "SCMP_ACT_LOG", "architectures": [ …
MoeKav