Imperva Cyber Community

  • 1.  How to audit CLI output executed by an admin

    Posted 06-20-2022 08:47
    Hi,
    I'm not sure if this is turned on by default or if it has to be saved or recorded manually.

    I would like to obtain these CLI activity logs (e.g. commands executed by an admin using the impcfg cli command) for auditing purposes.

    -Is this enabled or saved by default? What is the directory?
    -If not enabled by default, do we need to create custom policies with action set saved locally? (e.g. there is no syslog in place)

    Thanks,
    Leangf
    #AllImperva

    ------------------------------
    Angfe Landagan
    Senior Solutions Engineer
    Philippines
    ------------------------------


  • 2.  RE: How to audit CLI output executed by an admin

    Posted 06-20-2022 11:20

    Hi Angfe, 

    Thanks for posting. Could you let me know which product(s) you are referring to? This will allow me to add tags to help your post reach fellow users.

    Thanks,



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------



  • 3.  RE: How to audit CLI output executed by an admin

    Posted 06-20-2022 11:39
    Hello Sarah, 
    This is for the WAF / DAM On-prem devices. 

    Thank you.
    Leangf


  • 4.  RE: How to audit CLI output executed by an admin

    Posted 06-20-2022 11:46
    Okay, great! I have added those tags so that the relevant users will be notified.

    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------



  • 5.  RE: How to audit CLI output executed by an admin

    Posted 06-27-2022 02:03
    Hi,
    Anyone checked on this one? May I know what log files or folders to look into on the MX or GW?

    I couldn't find any on the MX Tech info and GW.

    Thanks,


  • 6.  RE: How to audit CLI output executed by an admin

    Posted 06-27-2022 06:36
      |   view attached
    Hi,

    Try this one - it's not a perfect solution, but it works.



    ------------------------------
    Karol Gruszczyński
    IT Security Expert
    Trafford IT
    Warsaw
    ------------------------------