Security logging for traceability


Viewing 2 posts - 1 through 2 (of 2 total)
  • #49746
    Steve92
    Participant

    Hello,

    For some sensitive environments, we would need legal security logging (traceability).

    Objectives:

    – Record events to detect security incidents.
    – Be able to check if environments have been compromised.
    – Get information for forensics.

    Example of needed info:

    – Who? User ID
    – When? Date
    – From where? Source IP address
    – To where? Destination IP address
    – Protocol?
    – Authentication failures
    – Settings modified by admin (date, name of the modified parameter…)

    How can we get such info with NoMachine?
    Is the !M cloud solution mandatory?
    How can we collect this info and send it to a SIEM?

    Do you have the list of events and info that can be logged?

    Thanks,

    Steve.

    #49786
    Britgirl
    Keymaster

    You can use sudo /etc/NX/nxserver --history and also sudo /etc/NX/nxserver --history --verbose

    --history
    Display, Username, Remote IP, Session ID, Date, Status, Node, Type

    --history --verbose
    Display, Type, Session ID, Services, Depth, Screensize, Status, Session name, Username, Platform, Users, Date

    Also sudo /etc/NX/nxserver --history --stats will give information about session numbers and users connected.

    There is also “server statistics” in the Server panel of the UI (Settings > Status). This will give you information at a glance. All of the Enterprise configuration guides have a section dedicated to “Session Management”. For example, here: https://kb.nomachine.com/DT07T00258#12. The Cloud Server isn’t mandatory, it all depends on what your specific requirements are.

    In version 9, there are going to be improvements to the --history in general, making it easier for admins to parse this information for forensic reasons.
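One way to turn the --history columns listed in the reply above into SIEM-ready JSON lines, as an added example that is not part of the thread and not NoMachine's code. It assumes the command prints a fixed-width table with a ruler of dashes under the header and dates as YYYY-MM-DD HH:MM:SS; the sample rows, status values, host name and output field names are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Constructed sample, not real output. ASSUMPTION: `nxserver --history` prints a
# fixed-width table with a ruler of dashes under the header; check your version.
SAMPLE = """\
Display Username Remote IP    Session ID Date                Status   Node           Type
------- -------- ------------ ---------- ------------------- -------- -------------- ----------------
1001    alice    192.0.2.10   CONSTRUCT1 2024-05-01 09:12:44 Finished localhost:4000 physical-desktop
1002    bob      198.51.100.7 CONSTRUCT2 2024-05-01 09:30:02 Failed   localhost:4000 virtual-desktop
"""

def parse_history(text):
    """Slice each row at the column boundaries given by the dash ruler."""
    lines = text.splitlines()
    # The ruler is the first line made only of dashes and spaces; any banner
    # lines printed before the header are skipped this way.
    ruler = next(i for i, l in enumerate(lines)
                 if i > 0 and l.strip() and set(l) <= {"-", " "})
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    spans[-1] = (spans[-1][0], None)          # last column runs to end of line

    def cut(line):
        return [line[a:b].strip() for a, b in spans]

    # Header names contain spaces ("Remote IP"), so they are cut the same way.
    names = [n.lower().replace(" ", "_") for n in cut(lines[ruler - 1])]
    return [dict(zip(names, cut(l))) for l in lines[ruler + 1:] if l.strip()]

def to_event(rec, host):
    """Map one history row to the who/when/from-where fields a SIEM needs."""
    when = datetime.strptime(rec["date"], "%Y-%m-%d %H:%M:%S")  # assumed format
    return {"timestamp": when.isoformat(), "product": "nomachine", "host": host,
            "user": rec["username"], "src_ip": rec["remote_ip"],
            "session_id": rec["session_id"], "status": rec["status"],
            "session_type": rec["type"], "node": rec["node"]}

def new_events(text, host, seen):
    """Return JSON lines for rows not yet forwarded; `seen` persists across runs."""
    out = []
    for rec in parse_history(text):
        key = (rec["session_id"], rec["status"])   # a status change is a new event
        if key not in seen:
            seen.add(key)
            out.append(json.dumps(to_event(rec, host), sort_keys=True))
    return out

if __name__ == "__main__":
    for line in new_events(SAMPLE, "nx-host-01", set()):
        print(line)   # append to a file your SIEM agent tails, or send via syslog
```

Because --history returns the whole history on every run, the `seen` set (stored between runs) is what keeps a scheduled collector from re-sending sessions the SIEM already has.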


This topic was marked as solved, you can't post.