How can you generate the commands being executed on the target UNIX machine, once a Ad-Hoc Query or CCS Job is implemented?

Article Id: 157857
Status: Published
Updated On: 11-10-2017 09:02
Legacy Id: TECH204604
Products:
Control Compliance Suite Windows
Issue/Introduction:

Need to track all of the commands that occur in a unix agentless connection.

 

Resolution:

In order to view the commands a log file needs to be created.  Registry keys are created on the CCS Manager to produce this file. 

A log file called BvCUProductCommands.log  will be created in the following folder:  %ProgramData%\Symantec.CSM\Logs\CCSManager\DCInfra (The location could differ depending on the installation Directory)
 

WARNING:  Always backup the registry prior to making any changes.


Registry keys to change\create on the CCS Manager having UNIX data collection role:


              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BindView\bv-Control\UNIXShared\Logger\] .......If path is not already created, create Key path manually.

In the Logger key folder, create a new entry as REG_DWORD called "LogCommands"
       Set the value equal to 1 

In the Logger key folder, create a new entry as REG_DWORD called "LogLevel"
       Set the value to FF (HEX)

You will need to restart the CCS Manager and the DPS service  for this to take effect.

 

NOTE:The attached file UNIXShared_Logger Keys.txt can also be used to import the required settings into the CCS Manager Registry. See attached document for screenshots and instructions on using this file.

 

 

Applies To

 

Control Compliance Suite 11.x

insert_drive_file UNIXShared_Logger Keys.txt
arrow_downward Download
insert_drive_file BvCUProductCommands.log Captured Unix Commands.docx
arrow_downward Download