Security logging for traceability

[Steve92]

Hello,

For some sensitive environments, we would need a legal security logging (traceability).

Objectives:

– Record events to detect security incidents.
– Be able to check if environments have been compromised
– Get informations for forensic

Example of needed info:

– Who ? User Id
– When ? Date
– From where ? source IP address
– To where ? destination IP address
– Protocol ?
– Authentication failures
– Settings modified by admin (date, name of the modified parameter…)

How can we get such info with NoMachine ?
Is !M cloud solution mandatory ?
How can we collect these infos and send them to a SIEM ?

Do you have the list of events and infos that can be logged ?

Thanks,

Steve.

[Britgirl]

You can use sudo /etc/NX/nxserver --history and also sudo /etc/NX/nxserver --history --verbose

--history
Display, Username, Remote IP, Session ID, Date, Status, Node, Type

--history --verbose
Display, Type, Session ID, Services, Depth, Screensize, Status, Session name, Username, Platform, Users, Date

Also sudo /etc/NX/nxserver --history --stats will give information about session numbers and users connected.

The is also “server statistics” in the Server panel of the UI (Settings > Status). This will give you information at a glance. All of the Enterprise configuration guides have a section dedicated “Session Management”. For example, here: https://kb.nomachine.com/DT07T00258#12. The Cloud Server isn’t mandatory, it all depends on what your specific requirements are.

In version 9, there are going to be improvements to the --history in general, making it easier for admins to parse this information for forensic reasons.

[Author]

Posts