03-17-2010 01:34 AM - edited 03-09-2019 10:52 PM
Please, I need yours help.
I have some questions which must be answered ASAP.
Is it possible
Logging - File copy from local drive to removable storages
Logging - File copy from network drive to removable disk
Logging – System parameters change
Logging – Connection to share on computer???
Solved! Go to Solution.
03-17-2010 09:19 AM
Logging – System parameters change
-registry changes
Yes
- changing or replacing important system files
Yes
or any system changes which maybe take to instability operating system normal functionality..
Much harder, since this is a million different ways an o/s could become unstable, but looking at certain system registry keys and system/system32 directories will give you alot of information you are looking for.
Logging – Connection to share on computer???
Sorry it was incorrect.
Logging – Connection to share folder on agent's computer?
Yes, you can log read/write access to a local folder which is shared, and with source @network in your rules, the actual attempt to connect to the share is probably a bit more difficult.
03-17-2010 11:07 AM
you could monitor connections on port 445 from @network, that would tell you if they're connected to a windows share, but not *which* windows share.
03-18-2010 06:17 PM
Actually you can monitor... if an event is logged into the Windows event logger, CSA can log that event as well....
We used the event logger to pull specific event log information into out CSA logs.. like, login and logout and disk errors.
I hope that helps,
-dt
03-17-2010 05:59 AM
Logging - File copy from local drive to removable storages
Yes
Logging - File copy from network drive to removable disk
Yes
Logging – System parameters change
Don't know what you are referring to...registry changes ?
Logging – Connection to share on computer???
What do you mean, just the actual attempt to connect to the machine, or the accessing of data on the share ?
03-17-2010 06:14 AM
Thank you for quick reply..
Logging – System parameters change
I am referring that
-registry changes
- changing or replacing important system files
or any system changes which maybe take to instability operating system normal functionality..
Logging – Connection to share on computer???
Sorry it was incorrect.
Logging – Connection to share folder on agent's computer?
03-17-2010 09:19 AM
Logging – System parameters change
-registry changes
Yes
- changing or replacing important system files
Yes
or any system changes which maybe take to instability operating system normal functionality..
Much harder, since this is a million different ways an o/s could become unstable, but looking at certain system registry keys and system/system32 directories will give you alot of information you are looking for.
Logging – Connection to share on computer???
Sorry it was incorrect.
Logging – Connection to share folder on agent's computer?
Yes, you can log read/write access to a local folder which is shared, and with source @network in your rules, the actual attempt to connect to the share is probably a bit more difficult.
03-17-2010 11:07 AM
you could monitor connections on port 445 from @network, that would tell you if they're connected to a windows share, but not *which* windows share.
03-18-2010 06:17 PM
Actually you can monitor... if an event is logged into the Windows event logger, CSA can log that event as well....
We used the event logger to pull specific event log information into out CSA logs.. like, login and logout and disk errors.
I hope that helps,
-dt
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: