How can you generate a log of the commands being executed on the target UNIX machine once an Ad-Hoc Query or CCS Job is implemented?

Article ID: 157857

Updated On:

Products

Control Compliance Suite
Control Compliance Suite Standards Server
Control Compliance Suite Standards Module

Issue/Introduction

Control Compliance Suite

You would like to track all of the commands that are run over an agentless connection to a Unix/Linux asset.

Or

You need to troubleshoot what is happening with a check.

 

Environment

CCS 12.6.x

Resolution

To view the commands, a log file needs to be created. Registry keys need to be added on the CCS Manager to produce this file.

A log file called BvCUProductCommands.log will be created in the following folder: %ProgramData%\Symantec.CSM\Logs\CCSManager\DCInfra (the location could differ depending on the installation directory).
Note that the majority of the command data will still be stored in BvCURDCCore.log and BvCUWinRDCCore.log.

WARNING: Always back up the registry prior to making any changes.


Registry keys to change/create on the CCS Manager that has the UNIX data collection role:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BindView\bv-Control\UNIXShared\Logger\]
If the path is not already created, create the key path manually.

In the Logger key folder, create a new entry as REG_DWORD called "LogCommands"
       Set the value equal to 1 

In the Logger key folder, create a new entry as REG_DWORD called "LogLevel"
       Set the value to FF (HEX)

You will need to restart the CCS Manager and the DPS service for this to take effect.

 

NOTE: The attached file UNIXShared_Logger Keys.txt can also be used to import the required settings into the CCS Manager Registry. See the attached document for screenshots and instructions on using this file.
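
The registry steps above can also be scripted. The following PowerShell is an added example, not Broadcom's script and not the contents of the attached file; the backup scope and backup file location are assumptions, and it is meant for an elevated 64-bit PowerShell session on the CCS Manager.

```powershell
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# Key and value names are the ones given in the article.
$loggerKey = 'HKLM:\SOFTWARE\Wow6432Node\BindView\bv-Control\UNIXShared\Logger'
$settings  = [ordered]@{ LogCommands = 1; LogLevel = 0xFF }

# Assumptions (not from the article): what gets backed up and where the backup goes.
$branchPs  = 'HKLM:\SOFTWARE\Wow6432Node\BindView'
$branchReg = 'HKLM\SOFTWARE\Wow6432Node\BindView'
$backup    = Join-Path $env:TEMP ('BindView-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Back up the existing branch before changing anything.
if (Test-Path $branchPs) {
    & reg.exe export $branchReg $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry export of $branchReg failed" }
    "Backup written to $backup"
} else {
    "No existing $branchReg branch, nothing to back up"
}

# 2. Create the Logger key path if it does not exist yet.
if (-not (Test-Path $loggerKey)) {
    New-Item -Path $loggerKey -Force | Out-Null
}

# 3. Create or overwrite both values as REG_DWORD.
foreach ($name in $settings.Keys) {
    New-ItemProperty -Path $loggerKey -Name $name -PropertyType DWord -Value $settings[$name] -Force | Out-Null
}

# 4. Read the values back and check both data and type.
$key = Get-Item -Path $loggerKey
foreach ($name in $settings.Keys) {
    $value = $key.GetValue($name)
    $kind  = $key.GetValueKind($name)
    if ($kind -ne 'DWord' -or $value -ne $settings[$name]) {
        throw "$name is $value ($kind), expected $($settings[$name]) (DWord)"
    }
    '{0} = 0x{1:X} ({2})' -f $name, $value, $kind
}

# 5. Default log location per the article; it can differ with the installation directory.
$log = Join-Path $env:ProgramData 'Symantec.CSM\Logs\CCSManager\DCInfra\BvCUProductCommands.log'
"After the CCS Manager and the DPS service are restarted, look for $log"
```

The script does not restart anything, because the article does not give the service names; restart the CCS Manager and the DPS service by hand afterwards.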

Attachments

UNIXShared_Logger Keys.txt
BvCUProductCommands.log Captured Unix Commands.docx