Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] Logging of SP console access

from [Sergey V Soldatov] Network Security [Permanent Link]
Subject: RE: [ISSForum] Logging of SP console access
Date: Fri, 19 Nov 2004 09:08:02 +0300 

AFAIK, no other means :-((. But we will be looking forward for new releases
to give as such ability.

_Please_, correct me if I'm wrong.

---
Best regards, Sergey V. Soldatov.
Information security department.


                                                                                
                                    
              "Dan Widger"                                                      
                                    
              <DWidger@landata.com>            To:       "Sergey V Soldatov" 
<SVSoldatov@tnk.ru>, <kfreese@kpmg.com 
              Sent by:                         cc:       
"issforum@atla-mm1.iss.net" <issforum@iss.net>,            
              issforum-bounces@iss.net          issforum-bounces@iss.net        
                                    
                                               Subject:  RE: [ISSForum] Logging 
of SP console access                
                                                                                
                                    
              18.11.2004 19:58                                                  
                                    
                                                                                
                                    
                                                                                
                                    




Is there other means of tracing SP console access?  In my environment
(and to my preference) I don't have access to the SQL db.  Is there a
mechanism through the Console to run a report on this, or some external
utility that would provide this information?

danw

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On
Behalf Of Sergey V Soldatov
Sent: Wednesday, November 17, 2004 9:37 AM
To: kfreese@kpmg.com
Cc: issforum-bounces@iss.net; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Logging of SP console access


You can get to know who had accessed SP through console. Try this.

SELECT
         ADT.AuditTrailID, ADT.AuditTime, ADT.Username, ADC.EventDesc,
ADI.ParamName, ADI.ParamValue
         from AuditTrail as ADT
JOIN AuditInfo as ADI
         on ADT.AuditTrailID = ADI.AuditTrailID
JOIN AuditEventCMD as ADC
         on ADT.AuditEventCMDID = ADC.AuditEventCMDID
-- AuditEventCMDID 5 = console login, 6 = console logout
WHERE ADT.AuditEventCMDID IN (5, 6)

Hope it's what you need.
Good luck!
---
Best regards, Sergey V. Soldatov.
Information security department.




              "Ballerini, Jean Paul

              (ISS EMEA)"                      To:       "Freese, Kai"
<kfreese@kpmg.com>,
              <JPBallerini@iss.net>
"issforum@atla-mm1.iss.net" <issforum@iss.net>
              Sent by:                         cc:

              issforum-bounces@iss.net         Subject:  RE: [ISSForum]
Logging of SP console access




              17.11.2004 11:05









Kai,

This is coming with SP5.

Jean Paul

-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Freese, Kai
Sent: Monday, November 15, 2004 4:15 PM
To: issforum@atla-mm1.iss.net
Subject: [ISSForum] Logging of SP console access

Hi all,

does anybody know, is anywhere a log where I can find informations about
who has accessed the SP console?

Thanks in advance

Kai






--
Die Information in dieser eMail ist vertraulich und kann dem
Berufsgeheimnis unterliegen. Sie ist ausschliesslich fuer den Adressaten
bestimmt. Jeglicher Zugriff auf diese eMail durch andere Personen als
den Adressaten ist untersagt. Sollten Sie nicht der fuer diese eMail
bestimmte Adressat sein, ist Ihnen jede Veroeffentlichung,
Vervielfaeltigung oder Weitergabe wie auch das Ergreifen oder
Unterlassen von Massnahmen im Vertrauen auf erlangte Information
untersagt. In dieser eMail enthaltene Meinungen oder Empfehlungen
unterliegen den Bedingungen des jeweiligen Mandatsverhaeltnisses mit dem
Adressaten.

The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this
email by anyone else is unauthorized. If you are not the intended
recipient, any disclosure, copying, distribution or any action taken or
omitted to be taken in reliance on it, is prohibited and may be
unlawful. Any opinions or advice contained in this email are subject to
the terms and conditions expressed in the governing KPMG client
engagement letter.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.





_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.





_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ISSForum] Reducing the number of events, Ballerini, Jean Paul (ISS EMEA)
Next by Date:  [Re: [ISSForum] Site Protector Database structure], KJaeger
Previous by Thread:  RE: [ISSForum] Logging of SP console access, Dan Widger
Next by Thread:  [ISSForum] Request Server Sensors to Ignore ALL Traffic from Approved ISS Inet Scanners, Dan Widger
Indexes:  [Date] [Thread] [Top] [All Lists]