Symantec Security Expressions Server manual Options, Default

Page 55

Audit-On-Connect

Comma-Separated List of Servers

Includes the names of the audit servers. A comma separates each server name.

Options

The Options section of the configuration file contains any settings needed to control the Connection Monitors, such as enabling logging and identifying the location and name of the log file.

Port

The port you want a connection monitor to use to communicate with the server software. This entry must match the server's configuration, which is 9009.

LogEnable

Typing True turns logging on. Typing False turns logging off.

LogFile

Identifies the log file location and file name.

Password

Add the encrypted password.

DropPXE

Enables you to ignore PXE DHCP requests if using the DHCP Network Connection Monitor or Microsoft DHCP Server Connection Monitor. When the PXE gets a DHCP request, Audit-on- Connect is triggered. When PXE is done and Windows restarts, Audit-on-Connect is triggered once more, not necessarily using the same IP address.

If set to 1, PXE DHCP packets are ignored. If set to 0, they are processed.

Default

The Default section identifies all IP addresses not previously placed in one of the IP range groups.

IPRange

Set to default.

AuditServers

Comma-separated name of the servers.

DistributionMethod

Set to Round Robin or First Available.

47

Image 55

Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage How to Audit your Local Computer Self-Service AuditWhat is Self-Service Auditing? Self-Service Audit AgreementDisplays on the page. No detailed audit results appear Pages with Role Settings Configure ServersAbout Server Configuration Local Server SettingsViewing Audit Results SetupDatabase Connection Windows 2000 Servers Secure ConnectionCredential Store User Click OK on the Default Web Site Properties windowCreating Credential Stores Site Preferences Enable Web ServicesSecurityExpressions Console Credential Stores Software RegistrationAccess Item Rights Global Machine List Access User RolesLibrary Synchronization Policy File LibraryCheck the Synchronize with a policy file library box How System Scores are Calculated About Policy FilesDefault method for remote execution on Windows Agent & Service ConfigurationTarget Options SSH Agent Authentication Database Cleanup Add Task Update TaskCancel PoliciesSite Preferences Agent DownloadsClick Use the Following Agreement Allow Remediation Page Policies Table What is Audit-on-Connect?Audit-On-Connect PoliciesPage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Supported Operators Deleting ScopesDNS Domain Name Scopes Expression ScopesOrg Unit Scopes Supported FunctionsDetection Method Scopes Notifications Editing Notifications Creating New Command NotificationsCreating New Email Notifications Click Add NewClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsAdding Exceptions ExceptionsExceptions Exceptions Table Column DescriptionConnection Monitors Specify Password and Encrypted PasswordConnection Monitors Deleting ExceptionsRemove Configuring Connection MonitorsEnabling Connection Monitors IP Range Section Connection Monitor Configuration FileOptions DefaultConfiguration File Syntax Processing the Configuration FileActive Directory Active Directory Connection Monitor only Slow Links NetworkInitial Token Trace Route InformationNetwork Admissions Control Unmanaged SystemsRedirection Web HealthyQuarantined/Unknown Reaudit if quarantinedRedirection Web Page Behavior Audit on Connect TracingAudit on Connect Tracing Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsScheduled Tasks Scheduled TasksDeleting Machine Lists Editing Global Machine ListsAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Adding a New Audit-On-Connect Report Profile View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Audit-On-Connect Activity Table Column DescriptionDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage Browse Audit Results View Audit ResultsAdding a New Audit Results Report Profile Page Deleting Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Editing Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights