
RE: [ISSForum] SiteProtector user login auditing

Subject: RE: [ISSForum] SiteProtector user login auditing
Date: Mon, 6 Jun 2005 09:10:00 +0400
As I've understood, you're going to track who was logged in/out of the
console...
Here is Robert Duncanson's answer to this question from some months ago:

The only thing stored in the database is the audit trail, but not actual
sessions. You might be able to query the audit trail like this:

SELECT
    ADT.AuditTrailID, ADT.AuditTime, ADT.Username, ADC.EventDesc,
    ADI.ParamName, ADI.ParamValue
FROM AuditTrail AS ADT
JOIN AuditInfo AS ADI
    ON ADT.AuditTrailID = ADI.AuditTrailID
JOIN AuditEventCMD AS ADC
    ON ADT.AuditEventCMDID = ADC.AuditEventCMDID
-- AuditEventCMDID 5 = console login, 6 = console logout
WHERE ADT.AuditEventCMDID IN (5, 6)

Hope this is what you need. Good luck.
---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 095 745 89 50 
tel +7 095 777 77 07 (1613) 

-----Original Message-----
From: issforum-bounces@iss.net 
[mailto:issforum-bounces@iss.net] On Behalf Of Doug.Janelle@Thermo.com
Sent: Tuesday, May 31, 2005 5:45 PM
To: Tim Beatty
Cc: issforum@iss.net
Subject: Re: [ISSForum] SiteProtector user login auditing



You could do a port scan (netstat, tcpview, et al.) on the 
management server and see what connections to port 3998 are 
open. Not sure this is what you were looking for, but might 
be helpful to know who is logged in to a SP session.

dcj2





To:   issforum@iss.net
cc:    (bcc: Doug Janelle/Inc/Jouan)
Subject:  [ISSForum] SiteProtector user login auditing


Is it possible to trace user logins to SiteProtector?

Thank-you,
Tim Beatty


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet 
Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
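
Added example, not part of the original thread and not ISS code: since the reply above notes that the database keeps only the audit trail and not sessions, this sketch pairs the login (5) and logout (6) rows from that query into per-user sessions and flags unmatched events. It assumes the rows are exported with AuditEventCMDID as a fourth column; the function name, the sample rows and the oldest-session-first pairing rule are constructed for illustration.

```python
from datetime import datetime

LOGIN, LOGOUT = 5, 6  # AuditEventCMDID values from the comment in the query

def reconstruct_sessions(rows):
    """Pair console login/logout audit rows into sessions (hypothetical helper).

    rows: iterable of (AuditTrailID, AuditTime, Username, AuditEventCMDID).
    Returns (sessions, anomalies). A session is a dict with user, login and
    logout (None while unmatched); an anomaly is (AuditTrailID, reason).
    """
    # The JOIN on AuditInfo repeats each event once per parameter row,
    # so collapse to one row per AuditTrailID before pairing.
    events = {r[0]: r for r in rows}
    ordered = sorted(events.values(), key=lambda r: (r[1], r[0]))

    open_by_user, sessions, anomalies = {}, [], []
    for trail_id, when, user, cmd in ordered:
        if cmd == LOGIN:
            if open_by_user.get(user):
                # No logout since the last login: console closed uncleanly,
                # or the account is in use from a second console.
                anomalies.append((trail_id, "login while session open"))
            session = {"user": user, "login": when, "logout": None}
            open_by_user.setdefault(user, []).append(session)
            sessions.append(session)
        elif cmd == LOGOUT:
            if open_by_user.get(user):
                # Assumption: a logout closes the user's oldest open session.
                open_by_user[user].pop(0)["logout"] = when
            else:
                anomalies.append((trail_id, "logout without login"))
    return sessions, anomalies

def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample rows, not real SiteProtector data.
SAMPLE_ROWS = [
    (101, _t("2005-06-01 09:00"), "alice", LOGIN),
    (101, _t("2005-06-01 09:00"), "alice", LOGIN),   # duplicate from the join
    (102, _t("2005-06-01 09:30"), "bob", LOGIN),
    (103, _t("2005-06-01 10:15"), "alice", LOGOUT),
    (104, _t("2005-06-01 11:00"), "bob", LOGIN),     # no logout in between
    (105, _t("2005-06-01 11:05"), "carol", LOGOUT),  # login outside the export
]

if __name__ == "__main__":
    found, odd = reconstruct_sessions(SAMPLE_ROWS)
    for s in found:
        print(s["user"], s["login"], s["logout"] or "OPEN")
    print(odd)
```

Sessions left with no logout are candidates to cross-check against live connections on the management server, as suggested earlier in the thread.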

