This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console User Logs

All,

I'm trying to figure out how to keep track of SEC user logs. When I say users I mean the users I give access to the sophos console itself. I want to be able to track when a user cleans up a threat or makes a policy change. I read up on the auditing feature (which I currently have disabled). Is that what I'm looking for? From what I was reading it just looked like data on the events and users/machines related to sophos evenets and not so much the actual "admins" performing actions in the SEC. Does anyone currently do this with their SEC implementation?

Thank You

This thread was automatically locked due to age.

Parents

0 jak over 11 years ago

HI,
Auditing is what you require, more info:
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_52_auditeng.pdf
Note: I also add extra views to the SophosSecurity (the auditing database) by running:
C:\sec_[version]\ServerInstaller\DB\Core\SophosSecurityExperimental.sql
E.g.
sqlcmd -E -S .\sophos -d SophosSecurity -i C:\sec_[version]\ServerInstaller\DB\Core\SophosSecurityExperimental.sql
Regards,
Jak
:52973
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 11 years ago

HI,
Auditing is what you require, more info:
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sec_52_auditeng.pdf
Note: I also add extra views to the SophosSecurity (the auditing database) by running:
C:\sec_[version]\ServerInstaller\DB\Core\SophosSecurityExperimental.sql
E.g.
sqlcmd -E -S .\sophos -d SophosSecurity -i C:\sec_[version]\ServerInstaller\DB\Core\SophosSecurityExperimental.sql
Regards,
Jak
:52973
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data