Cisco Support Community
Cisco Security Agent - CSA Logging features

Please, I need your help.

I have some questions which must be answered ASAP.

Is it possible

Logging - File copy from local drive to removable storage

Logging - File copy from network drive to removable disk

Logging – System parameters change

Logging – Connection to share on computer???

5 REPLIES

Re: Cisco Security Agent - CSA Logging features

Logging - File copy from local drive to removable storage

Yes

Logging - File copy from network drive to removable disk

Yes

Logging – System parameters change

Don't know what you are referring to... registry changes?

Logging – Connection to share on computer???

What do you mean, just the actual attempt to connect to the machine, or the accessing of data on the share?

Re: Cisco Security Agent - CSA Logging features

Thank you for the quick reply.

Logging – System parameters change

I am referring to:

- registry changes

- changing or replacing important system files

or any system changes which may lead to instability of normal operating system functionality.

Logging – Connection to share on computer???

Sorry it was incorrect.

Logging – Connection to share folder on agent's computer?

Re: Cisco Security Agent - CSA Logging features

Logging – System parameters change

- registry changes

Yes

- changing or replacing important system files

Yes

or any system changes which may lead to instability of normal operating system functionality.

Much harder, since there are a million different ways an OS could become unstable, but looking at certain system registry keys and the system/system32 directories will give you a lot of the information you are looking for.

Logging – Connection to share on computer???

Sorry it was incorrect.

Logging – Connection to share folder on agent's computer?

Yes, you can log read/write access to a local folder which is shared, with source @network in your rules; the actual attempt to connect to the share is probably a bit more difficult.

Re: Cisco Security Agent - CSA Logging features

You could monitor connections on port 445 from @network; that would tell you if they're connected to a Windows share, but not *which* Windows share.

Re: Cisco Security Agent - CSA Logging features

Actually you can monitor... if an event is logged into the Windows event logger, CSA can log that event as well.

We used the event logger to pull specific event log information into our CSA logs, like login and logout and disk errors.

I hope that helps,

-dt
