GANYMEDE + Administration audit log

Hello

I work as an internal auditor in the Bank and I have doubts about something on the logs generated by TACAS + looking for someone help on this.

My cocern is changes in firewall that triggered the Ganymede administration +, it shows you regarding the addition of a group (objects) as destination as a specific Source IP address. What happens if I need more details on the prviliages of Web objects that I add this source, how do I identify these changes?

Looks like you want to see what the destination user added in the purpose of the network. Well, if ASA is configured accounting and the authorizataion command, then you can see that the command executed by the user logged in administration Ganymede.

Could you please get the output of the command run HS | in the aaa?

Kind regards

Jousset

The rate of useful messages-

Tags: Cisco Security

Similar Questions

  • I get the error message "security log is full, only an administrator can log in to solve the problem."

    On a windows machine XP after putting in place the machine administrator and when trying to connect as a user, I get the error message "security log is full, only an administrator can log in to solve the problem." I know how to solve this problem by going to the event viewer, by selecting the security log and by setting the journal to "ignore the events as needed", but I would like to create a script that will do this automatically for me.

    so far my research revealed that the value of the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security] "MaxSize" controls this setting and changing the value default DWORD_VALUE to 0 x 01000000 to 0 x 00000000, change is possible. Well, when I did it in regedit, nothing has changed in the security log properties, the default setting of 'remove older items after 7 days' remained the same.

    Can someone tell me what registry key, I need to change in order to make this change? Keep in mind im trying to include this in a script.

    Thank you

    Hi teddorosheff,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please ask your question in the following forum.

    Windows Vista IT Pro

  • My Administration event log is 8000 + and new errors every day. Windows Explorer stops responding, how can I stop this?

    OT: my Administration event log is 8000 + and new errors every day. How can I stop this?

    My ACER laptop running VISTA family premium has many errors I do not understand why and don't know how to stop.

    Is how important it? Is this normal? Should I post each event with details to see if it can be interrupted?

    For example my lap top works generally OK but Explorer windows (explorer.exe) crashes with a message that it fails and restarts. The error code and events are

    Error 01/03/11 10:04:22 Application Error 1000 (100)

    Application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, module MSVCR80.dll, version 8.0.50727.4053, time stamp 0x4a594c79, exception code 0xc000000d, offset error 0x00008aa0, process id 0 x 624, failed failed application start 0x01cbaad15a2d1273.

    Thanks if you can help

    Hi Tricsim,

    Since when are you facing this problem?

    There could be several causes for this problem; I suggest you try the following steps to correct the problem:

    Method 1: Auditor of file system (CFS) scan to fix all of the corrupted system files. To do this, follow the steps mentioned in the link below:

    How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7

    http://support.Microsoft.com/kb/929833

    Method 2: Put the computer to boot and then check if the problem persists

    Follow step 1 in the link below,
    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

    If everything works well after a clean boot, you can deduce that some third-party services are at the origin of the problem.

    Continue with the remaining steps to pin-point on the third party service.
    After find you the program that is causing the problem, you will have to perhaps to update or install a newer version of the program, if you rarely use that you should consider uninstalling the software.

    Important: n ' forget not to put the computer to a normal startup follow step 7 in the link.

    Method 3: You can follow the steps described in the article below

    Error message when you log on to Windows Vista: "Windows Explorer has stopped working".

    http://support.Microsoft.com/kb/937093

    Thanks and greetings
    Ajay K
    Microsoft Answers Support Engineer
    ***************************************************************************
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Activate the user audit logs and hide the other audit logs account system on computers in a domain by using Group Policy

    Hello

    Please could someone advise me on how to activate the user audit logs and hide the other audit logs account system on computers in a domain by using Group Policy. Your help would be much appreciated.

    Kind regards

    RocknRollTim

    Hello

    Please contact Microsoft Community.

    We have a specific forum for the computers in the domain and they are experts in this field of investigation and would be in a better position to address the concerns. So refer to the link below and post your query on the TechNet Forums.

    https://social.technet.Microsoft.com/forums/en-us/home

    I hope this helps. If you have any questions on Windows, please answer. We will be happy to help you.

  • How can I see and record Print audit log Server 2008 AD

    We want to know how to check and record the audit log printing to network printer connected with managed print services to the server active directory 2008 and also to authenticate the basic possible print AD?

    Hello

    The question you posted would be better suited in the community pro Windows 2008.
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

  • AUDIT log can be found in DBA_AUDIT_TRAIL! where can I find it.

    Nice day

    Working on Oracle application 12.1.3

    DB 11.2.0.3

    OS Linux 6

    When I try to use enterprise manager or sql command audit, any activity on specific table

    "

    SELECT AUDIT

    ON hr.employees

    WHENEVER IT FAILS;

    "

    Audit succeeded.

    I could not found the audit log in DBA_AUDIT_TRAIL.

    I need to know where to find the audit log to show the new activity for the table.


    Concerning

    Implement the requirements.

    Understand the audit data in the Tables of the Oracle Applications using the (mandatory) Audit Trail (Doc ID 69660.1)

    How to track changes to Oracle E-Business Suite (Doc ID 1262586.1)

    FAQ (Audit trail) (Doc ID 107330.1)

    Thank you

    Hussein

  • Where is the audit log?

    I have a need to run a report on the data in the audit trail for changes to the CMDB, but I have some difficulty to find where the audit log is stored.
    I would have thought it was ar_audit look, but who turned out be wrong.
    Have you tried to find in the schema data, but without success.
    Anyone know where it is stored?
    ThanX

    Just checked - records to audit for these fields are placed in the SU_EXTENSION_AUDIT table. In any case the RV_CI_AUDIT_TRAIL view should display them as well. BTW, I use v.9.1.5 VSM and other versions may behave differently.

  • Alert & Audit Log purge script example

    Hi Experts,

    Can someone point to examples of scripts for

    1 alert & purge the audit log?

    2. rotation of log listener?

    I'm sorry if issues look too naïve, I'm new to DBA activities; pls let me know if more details are needed.

    From now the script must be independent of the versions/platforms

    Kind regards

    34MCA2K2 wrote:

    Thank you very much for your answer!

    If auditing is enabled in Oracle, it generates newspapers or she inserts into a SYS. Table?

    Well, that your settings initialization of the 'check' show?

    For the newspaper of the listener "rotation", just rename listener.log to something else (there is an OS command for that), then bounce the listener.

    You don't want to purge the log of alerts you want to 'rotate' as well.  Just rename the existing file to something else. (there is an OS command for this)

    So this has to be managed at the level of operating system instead of having a utility. Also if this is the case, this must be done when the database is stopped in right?

    No, the database doesn't have to be stopped to rotate the log of the listener.  The database does not give a flying fig on the log of the listener.

    No, the database doesn't have to be stopped to rotate the log of alerts.  If the alert log is not there when he needs to write for her, it will just start a new.  BTW, since 11g, there are two newspapers to alert... the old familiar, now located in $ORACLE_BASE/diag/rdbms / $ORACLE_SID / $ORACLE_SID/trace and the xml file used by adrci.  There are orders adrci and configurations to manage it.

    Yet once again, I leave the details as exercise for the student to exercise his research skills.

    Please confirm my interpretation.

    Thanks in advance!

  • Deleting old Audit logs

    Hi all

    In our Organization, as in the data retention policy we have to keep checking for only 4 years. Now he must clean all old checks before that. So basically, if an account was created 5 years back, we must keep checking only for the last 4 years and remove auditing for one year.

    Any suggestions how we can achieve this?


    Thank you
    Gerard

    Have you looked into the STANDARD audit log maintenance task: http://download.oracle.com/docs/cd/E19225-01/820-5822/byaua/index.html

    You should be able to delete data prior to X.

    I hope this helps.

  • location on the system of audit logs on the windows system

    Hello

    What is the location on the System Audit logs on the windows system? I couldn't find any newspaper to < intradoc_dir > / bin directory?

    Thank you

    Hello

    IdcServerNT.log is the one that corresponds to audit logs of system that is defined for the AAU.

    Thank you
    Srinath

  • When I turn on my dell computer vostro 1700 with windows 7, I get a pop up box in the lower right corner that says "complete audit log. What should I do?

    Windows 7 log in

    Hi tmmjr,

    Welcome to the Microsoft Answers community.

    a. Since when are you facing this problem?
    b. did you change to your computer recently?

    Perform the clean boot on your computer and check.

    From your computer by using a minimal set of drivers and startup programs so that you can determine if a background program is interfering with your game or program. This type of boot is known as a "clean boot".

    To perform a clean boot on a computer, follow these steps.

    1. click on start, type msconfig in the search box and press ENTER.
     
    If you are prompted for an administrator password or a confirmation, type the password, or click on continue.
     
    2. in the general tab, click Selective startup.
    3. under Selective startup, clear the check box load startup items.
    4. click on the Services tab, select the hide all Microsoft Services check box, and then click Disable all.
    5. click on OK.
    6. When you are prompted, click on restart.
    7. after the computer starts, check if the problem is resolved.

    Please follow the system in the boot environment. If the problem does not occur, it indicates that the problem is related to an application or a service, we have disabled. You can use the MSCONFIG tool again to reactivate the disabled one by one element to find the culprit.
     
    If your issue is resolved, follow the how to determine what is causing the problem section in KB article to narrow down the exact source.
    http://support.microsoft.com/kb/331796 . In addition, refer to the section on how to restore your computer to a Normal startup mode

    Hope this information is useful.
    Let me know if it worked.

    Thank you, and in what concerns:
    Umesh P - Microsoft Support

  • The success of the Audit log

    As far as I know, NMS is not able to connect to success of security in the security event log. Y at - it an update is available to enable this feature?

    Hi guys,.

    We collect natively success of the Audit. You can check if someone has posted this in the section of the community. If this isn't the case, feel free to add if others can vote on this as well.

    Thank you.

  • GANYMEDE + Administration problem reports

    Once we improved GBA to 4.1 Build 23 (1) 3.3.4 we no longer get the information in the report of Administration GANYMEDE files +.

    AAA new-model

    AAA-authentication failure message ^ CC connection failed, Please Try Again. ^ C

    prompt password authentication AAA Non_TACACS_Password:

    AAA-guest authentication username Non_TACACS_Username:

    AAA authentication login default group Ganymede + local

    AAA authentication login no_tacacs local

    the AAA authentication enable default group Ganymede + activate

    AAA authorization config-commands

    AAA authorization exec default group Ganymede + local

    AAA authorization commands 0 default group Ganymede + local

    AAA authorization commands 1 default group Ganymede + local

    AAA authorization commands 15 default group Ganymede + local

    AAA authorization network default group Ganymede +.

    AAA accounting exec default start-stop Ganymede group.

    orders accounting AAA 0 arrhythmic default group Ganymede +.

    orders accounting AAA 0 NetAdmins arrhythmic group Ganymede +.

    orders accounting AAA 1 by default start-stop Ganymede group.

    orders accounting AAA 7 by default start-stop Ganymede group.

    orders accounting AAA 15 by default start-stop Ganymede group.

    AAA accounting system default start-stop Ganymede group.

    Hello

    It is a known issue, you must apply the hotfix ACS 4.1.1.23.5 to solve the problem.

    Patch for the unit is available on

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

    The patch name: ACS SE 4.1.1.23.5 rollup

    Patch for windows acs is available on

    http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES

    The patch name: ACS 4.1.1.23.5 rollup

    That should solve the problem

    Kind regards

    Jagdeep

    Note: If this answers your question, then please mark this thread as solved, so that others can benefit from.

  • Journal Alerts rotation/OS Audit log rotation

    Hi all

    Is this by far that I can fix it my audit and alert log size of 100 MB and it will just reuse or turn around it?

    Or he can manipulate through programs of the OS?

    Thank you

    zxy

    You can limit the size of check OS file using the package called DBMS_AUDIT_MGMT

    Reference http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_audit_mgmt.htm

    However, for the alert limit log file size, you must configure a job of the OS, which periodically checks the size of the alert log file and then made a change from the alert log file name.

  • The substitution of an administrator password/Logging in as an adminstartor

    I inherited a computer from a friend, but it is an 'administrator' on the computer that prevents me to download programs (such as the latest version of iTunes)...  How can I replace the administrator or to understand what the password is for which the account?

    Hello

    Responses cannot help with password lost or forgotten by Microsoft Policy.

    Keep secure passwords - Microsoft strategy on move the passwords
    http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-security/keeping-passwords-secure-Microsoft-policy-on/39f56ef0-5d68-41AD-9daa-6e6019c25d37

    What to do if you forget your Windows password (Vista and Windows 7)
    http://Windows.Microsoft.com/en-us/Windows-Vista/what-to-do-if-you-forget-your-Windows-password

    I hope this helps.

    Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle=""><- mark="" twain="" said="" it="">

Maybe you are looking for

  • TDMS file creates several tabs data. You want to create only one.

    Hello NOR community, I am currently using the DAQ Assistant with my pots of chain record travel over a long time interval (see annex VI). I then use the vi "Write to a file as" to save the data in a file TDMS (see 'Write the file settings' photo atta

  • How can I create a boot CD for Windows XP Media Center Edition 2005?

    It is already installed, but I don't have a boot disk and plan on formatting the computer soon, I already backed up, I just need to know how to create a bootable CD. In addition, in case it is important, I have the C:\i386 folder.

  • Can't remove read only attribute even using the command "Attrib - r".

    I have my computer laptop configuration to dual boot Windows Vista and Windows 7.  I installed Windows 7 to see Vista, images, music files and videos Documents in its libraries.  These four files have become read recently that in Vista, and I can't r

  • DROID: Turn off the startup sound?

    Is it possible to disable the sound of starting on the DROID? I like that I have the best phone in the history of the known universe, but sometimes I need to turn it on without announcing this fact to the whole world (as when I'm in a boring meeting

  • M9452p hard drive upgrade

    Right now I have a default installed HP Hitachi SATAII HDS721075KLA330 hard drive (750 GB).  I would like to know if there are limits to what an hd upgrade might be?  I am thinking for example a 64 MB/s 2 to disk 7200 RPM.