Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

325 questions
5 votes, 4 answers

How do I audit changes made to our servers, routers, etc.?

We have a lot of servers (running Windows and Ubuntu) along with a mix of Cisco and Juniper routers with a side of HP Procurve switches. We have a few sysadmins who like to make changes to configs without telling anyone or documenting it anywhere.…
zippy
5 votes, 5 answers

VMware ESX Auditing

I'm looking to generate an excel spreadsheet with various information about each one of my company's ~140 VMs residing on 7 ESX 3.5 servers - specifically, the VM's: Name Allocated Memory, Processors, Hard Drive Average Memory, Processor…
pezhore
4 votes, 1 answer

Investigate potential breach in Azure App Service

We suspect we have had a data breach, but we are not sure how to investigate it to determine the source of the breach or what data was sent. We have an app service that has been running for a while with steady usage. We noticed that over the last…
react-dev
4 votes, 2 answers

Any tips for planning a (self-inflicted) software audit?

How do you check that the software at your site is licensed? Have you come up with any tips to minimize effort?
username
4 votes, 2 answers

MySQL enabling the query log for the root user only

I want an audit log for a particular user/connection and not the application itself. Anytime a client manually connects to the server with specific credentials, I want the query log, and binary log to be enabled. Is this possible, how would I…
Walter White
4 votes, 2 answers

Is there a Windows Event character count limitation?

I'm working on output analysis of the Windows Event ID 5136 ("A directory service object was modified") and more specifically events with "LDAP Display Name = nTSecurityDescriptor" (see following event 5136 capture). In the "value" field, I have a…
4 votes, 1 answer

Disable auditing of specific ldap attributes

I'm working on some auditing for PCI-DSS, notably "Audit Directory Service Access". This creates a huge volume of logs, mostly based on a couple specific recurring properties being accessed in the same fashion. I've been able to identify these…
Tim Brigham
4 votes, 2 answers

How to log all commands run on Linux including their arguments (parameters)?

How can I log all commands executed on Linux, including their command-line arguments (parameters)? So, for example, if someone runs: rm -rf /tmp/foo I would see a log entry similar to this: 2016-01-01 18:00:00 user=bob command='rm -rf…
Neil
4 votes, 1 answer

Check whether GRANT EXECUTE TO user or role was applied

In Microsoft SQL Server, I can use GRANT EXECUTE TO to grant execute permission to some user or role. I'm interested in detection: How can I equally simply check whether that GRANT EXECUTE command was already applied to given user/role?…
miroxlav
4 votes, 0 answers

Why does ausearch skip entries?

I am trying to use the ausearch tool to search my auditd logs for specific entries. The problem is that most of the entries in audit.log appear to be unsearchable. Searching with matching parameters often returns , even though there is a…
user339676
4 votes, 1 answer

Audit logs are not being generated on linux machine

Hi We are using four linux servers for on application. Application just simply generates reports using scripts... Now for three servers audit logs are being generated in /var/log/audit directory (as below) but for one server no logs are being…
4 votes, 4 answers

How to parse audit.log using logstash

I want to use logstash to collect a log file, and the format of the file was like this: type=USER_START msg=audit(1404170401.294:157): user pid=29228 uid=0 auid=0 ses=7972 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open…
txworking
4 votes, 1 answer

How can I set audit controls on files owned by TrustedInstaller using Powershell?

I am trying to set audit controls on a number of files (listed in ACLsWin.txt) located in \%Windows%\System32 (for example, aaclient.dll) using the following Powershell script: $FileList = Get-Content ".\ACLsWin.txt" $ACL = New-Object…
Drise
4 votes, 1 answer

Survive a Software Audit

I received a letter from Autodesk asking for a "License Assessment". I understand it as a software audit. They plan to do it remotely. The thing is, I'm a freelancer, I don't use any Software Asset Management software, and I just recently swapped out my…
rosepost1150
4 votes, 1 answer

How can I log the creation of Exchange 2003 and 2010 mailboxes?

We are trying to acquire a new certificate/label. In order to get this certificate/label we need to monitor the creation of mailboxes in Microsoft Exchange. We are currently using Microsoft ACS (Audit Collection Services), but if a mailbox is…
Bart De Vos