How can you generate a log of the commands being executed on the target UNIX machine once an Ad-Hoc Query or CCS Job is implemented?

Article ID: 157857

Products

Control Compliance Suite Windows

Issue/Introduction

You need to track all of the commands that are executed over a UNIX agentless connection.

 

Resolution

To view the commands, a log file needs to be created. Registry keys are created on the CCS Manager to produce this file.

A log file called BvCUProductCommands.log will be created in the following folder: %ProgramData%\Symantec.CSM\Logs\CCSManager\DCInfra (the location could differ depending on the installation directory).
 

WARNING: Always back up the registry prior to making any changes.


Registry keys to change or create on the CCS Manager that has the UNIX data collection role:


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BindView\bv-Control\UNIXShared\Logger\]
If the path does not already exist, create the key path manually.

In the Logger key, create a new REG_DWORD entry called "LogCommands".
       Set the value to 1.

In the Logger key, create a new REG_DWORD entry called "LogLevel".
       Set the value to FF (HEX).

You will need to restart the CCS Manager and the DPS service for this to take effect.
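
The registry steps above as a PowerShell script, added here as an example; it is not the attached UNIXShared_Logger Keys.txt and not Symantec's own code. The Windows service names are not given in this article, so the script takes them through an assumed -ServiceNames parameter, and the backup folder is an assumed default.

```powershell
#Requires -RunAsAdministrator
# Added example: enables UNIX command logging on a CCS Manager with the
# UNIX data collection role, following the registry steps in this article.
param(
    # Service names of the CCS Manager and DPS services. The article does not
    # state them, so supply the names from your own installation (assumption).
    [string[]]$ServiceNames = @(),
    # Folder for the registry backup (assumed default, change as needed).
    [string]$BackupDir = $env:TEMP
)

$ErrorActionPreference = 'Stop'
$keyPs  = 'HKLM:\SOFTWARE\Wow6432Node\BindView\bv-Control\UNIXShared\Logger'
$keyReg = 'HKLM\SOFTWARE\Wow6432Node\BindView\bv-Control\UNIXShared\Logger'

if (Test-Path $keyPs) {
    # Key already exists: export it before changing anything.
    $stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
    $backup = Join-Path $BackupDir "UNIXShared_Logger_$stamp.reg"
    & reg.exe export $keyReg $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }
    Write-Host "Existing Logger key backed up to $backup"
} else {
    # Key path is not present yet: create it, including any missing parents.
    New-Item -Path $keyPs -Force | Out-Null
}

# Both entries are REG_DWORD: LogCommands = 1, LogLevel = FF (hex).
New-ItemProperty -Path $keyPs -Name 'LogCommands' -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $keyPs -Name 'LogLevel' -PropertyType DWord -Value 0xFF -Force | Out-Null

# Read the values back so a silent write failure is caught here.
$current = Get-ItemProperty -Path $keyPs
if ($current.LogCommands -ne 1 -or $current.LogLevel -ne 0xFF) {
    throw 'Logger values were not written as expected.'
}
Write-Host ('LogCommands={0}  LogLevel=0x{1:X}' -f $current.LogCommands, $current.LogLevel)

# The settings take effect only after the CCS Manager and DPS services restart.
if ($ServiceNames.Count -eq 0) {
    Write-Warning 'No service names supplied: restart the CCS Manager and DPS services manually.'
} else {
    foreach ($name in $ServiceNames) {
        Restart-Service -Name $name -Force
        Write-Host "Restarted service $name"
    }
}
```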

 

NOTE: The attached file UNIXShared_Logger Keys.txt can also be used to import the required settings into the CCS Manager registry. See the attached document for screenshots and instructions on using this file.

 

 

Applies To

 

Control Compliance Suite 11.x

Attachments

UNIXShared_Logger Keys.txt
BvCUProductCommands.log Captured Unix Commands.docx