Re: ISS RS: logs exploitation

[jphoyt]

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

     EL:
     
     "Properly" switching the rsntclientlog.mdb file only depends on 
     whether the file is open at the time. On our master console (also in a 
     secure environment) I have a script that runs periodically to do so. 
     It checks to see whether rsntclientlog.ldb exists in the RealSecure 
     directory. If it does, then the .mdb file is currently open, and the 
     script sleeps for a period of time(say 15 minutes) and then checks 
     again, (up to 10 times). If it finds that the .ldb file doesn't exist, 
     then it swaps the .mdb file out, renames it to include a timestamp, 
     and copies in a fresh, empty .mdb file. If you have SafeSuite 
     Decisions, you can also have the script check to see if the last 
     record in the .mdb file has been "pulled" up to SSD in the same check.
     
     One of the keys here is that the master console is in a secure 
     environment, and so the GUI console is generally not run on it. (As 
     long as the GUI console is running, the .ldb file exists, and the .mdb 
     file is open for read/write.) All routine engine management tasks are 
     accomplished using the enginemgr.exe CLI tool and the NT task 
     scheduler.

Regards,

-Jim

______________________________ Reply Separator _________________________________
Subject: ISS RS: logs exploitation
Author:  section.securite ([EMAIL PROTECTED]) at INTERNET
Date:    03/30/2000 5:16 PM


     
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to 
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems! 
----------------------------------------------------------------------------
     
     
  Hi there,
     
Could anybody help me regarding the different options you have to introduce 
some automation within Real Secure for log reporting ?
The problem I have is that the MDB file is stored on the master console (in 
a secured environment) and I would like to be able to upload a "switched" db 
log file to another console for daily reports and analysis. I think of 
different methods for the transfer (SSH Secure Copy e.g.) but the real 
problem I see is the way to switch properly the MDB file (like the 
'logswitch' for CheckPoint).
I would really appreciate if someone having set up such a method could give 
me some tips.
     
EL
______________________________________________________ 
Get Your Private, Free Email at http://www.hotmail.com