Installation guide

Logs can also be searched and viewed to show errors received from Nessus, the LCE, and the PVS. In the example
below, a keyword of “plugin” was used in conjunction with a severity of “Critical” to list errors related to the updates of PVS
plugins:

The flat ASCII log file used to store the customer activity data is rolled over every month and may be archived in
accordance with local site backup procedures. For example, a log file for the month of November 2012 would be named
/opt/sc4/orgs/1/logs/201211.log. When the month changes to December, this log file will be preserved and a
new log file will be created and named /opt/sc4/orgs/1/logs/201212.log.

Modification to the Audit Configuration and Administrator Log

There is no configuration option to enable another user to view the Administrator logs or to turn off the audit function. The
audit functionality is built into the application and is always on. The only way to disable it is to shut down the
application, and that shutdown is itself logged by SecurityCenter. The only other possible way to disable the audit functions is to
modify the source code, which is not available to end users. Through the SecurityCenter web interface, SecurityCenter
audit trail log files are read-only and cannot be modified or deleted. These log files are also protected from
unauthorized access and/or deletion by file and group permissions that only allow the “root” and “tns” users (e.g.,
authorized system administrators) to access the files through the SecurityCenter server via console. System accesses
are logged through standard functions (e.g., /var/log/messages, /var/log/secure, etc.) by the underlying host
operating system.
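
The following Python script checks a directory of monthly log files such as /opt/sc4/orgs/1/logs: it lists the months that have rolled over, with a SHA-256 digest to record when archiving them, and reports files whose ownership or mode departs from the root/tns-only access described above. It is an added example, not part of SecurityCenter; the function names are hypothetical, and it assumes the owning group is also named "root" or "tns".

```python
import grp, hashlib, pwd, re
from datetime import date
from pathlib import Path

# Monthly log name as described above: YYYYMM.log (e.g. 201211.log)
LOG_NAME = re.compile(r"^\d{4}(0[1-9]|1[0-2])\.log$")

def id_name(lookup, ident):
    """Resolve a uid/gid to a name; fall back to the number if unmapped."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_org_logs(log_dir, today=None, allowed=("root", "tns")):
    """Return (closed, findings).

    closed   -- {filename: sha256} for months that have rolled over; the
                current month's file is still being written and is skipped
    findings -- [(filename, problem)] for files that deviate from the
                root/tns-only access (group names are an assumption)
    """
    today = today or date.today()
    current = f"{today:%Y%m}.log"
    closed, findings = {}, []
    for path in sorted(Path(log_dir).iterdir()):
        if not LOG_NAME.match(path.name):
            continue
        if path.is_symlink() or not path.is_file():
            findings.append((path.name, "not a regular file"))
            continue
        st = path.stat()
        owner = id_name(pwd.getpwuid, st.st_uid)
        group = id_name(grp.getgrgid, st.st_gid)
        if owner not in allowed or group not in allowed:
            findings.append((path.name, f"unexpected owner/group {owner}:{group}"))
        if st.st_mode & 0o007:  # any read/write/execute bit for "other"
            findings.append((path.name, "accessible to users outside owner/group"))
        if path.name < current:  # YYYYMM sorts chronologically as text
            closed[path.name] = sha256_file(path)
    return closed, findings
```

Run it as a user that can read the log directory; comparing the recorded digests against the archived copies later shows whether a closed month's file changed after rollover.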

Audit Log Data Selection

In conjunction with the LCE, SecurityCenter can be configured to provide more granular options for the selection of audit
log data. Refer to Appendix 7, “Configuring SecurityCenter and the LCE for Audit Data Selection” for details on additional
configuration options.

Plugins

Plugins are scripts used by the Nessus, PVS, and LCE servers to interpret vulnerability data. For ease of operation,
Nessus and PVS plugins are managed centrally by SecurityCenter and pushed out to their respective scanners. LCE
servers download their own event plugins and SecurityCenter downloads event plugins for its local reference.
SecurityCenter does not currently push event plugins to LCE servers.