This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-10-10 02:37 AM

Auditlogs of use of lsmaint and lsdata?

Our Audit guys are somewhat troubled that there is no auditing of the use of lsmaint and lsdata (as far as I know at least). Of course it could be debated how useful that would be, but if use of these tools would be logged in for example the event log then at least there is a possibility to store these in a secure location. Anything that is planned?

0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2008-10-15 04:09 PM

Hello Pasi,

 

The catch here is that lsdata and lsmaint are command line utilities outside the envision product itself.   The simple act of running a command line executable does not generate a windows event log (or any log for that matter).

 

The best way I can think of handling this is to turn on file/object auditing for both of those executable files and then read in the enVision appliance's own Windows logs.  This should generate a Security_592_Security event whenever one of those files is executed.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.