Cisco Security Agent - CSA Logging features

Answered Question
Mar 17th, 2010

Please, I need your help.

I have some questions which must be answered ASAP.

Is it possible

Logging - File copy from local drive to removable storages

Logging - File copy from network drive to removable disk

Logging – System parameters change

Logging – Connection to share on computer???

Overall Rating: 4.7 (3 ratings)
jan.nielsen Wed, 03/17/2010 - 05:59

Logging - File copy from local drive to removable storages

Yes

Logging - File copy from network drive to removable disk

Yes

Logging – System parameters change

Don't know what you are referring to... registry changes?

Logging – Connection to share on computer???

What do you mean, just the actual attempt to connect to the machine, or the accessing of data on the share?

secureboy Wed, 03/17/2010 - 06:14

Thank you for the quick reply.

Logging – System parameters change

I am referring to:

  - registry changes

  - changing or replacing important system files

  or any system changes which may lead to instability of the operating system's normal functionality.

Logging – Connection to share on computer???

Sorry, it was incorrect.

Logging – Connection to share folder on agent's computer?

Correct Answer
jan.nielsen Wed, 03/17/2010 - 09:19

Logging – System parameters change

  - registry changes

Yes

  - changing or replacing important system files

Yes

  or any system changes which may lead to instability of the operating system's normal functionality.

Much harder, since there are a million different ways an o/s could become unstable, but looking at certain system registry keys and system/system32 directories will give you a lot of the information you are looking for.

Logging – Connection to share on computer???

Sorry, it was incorrect.

Logging – Connection to share folder on agent's computer?

Yes, you can log read/write access to a local folder which is shared, and with source @network in your rules, the actual attempt to connect to the share is probably a bit more difficult.

Correct Answer
jyoung01@americ... Wed, 03/17/2010 - 11:07

You could monitor connections on port 445 from @network; that would tell you if they're connected to a Windows share, but not *which* Windows share.

Correct Answer
dkthomas Thu, 03/18/2010 - 18:17

Actually you can monitor... if an event is logged into the Windows event logger, CSA can log that event as well....

We used the event logger to pull specific event log information into our CSA logs, like login and logout and disk errors.

I hope that helps,

-dt
