• State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 25 subscribers
  • Views 1666 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

CMC No Logging? Really?

choerichs

Anybody ever wonder why SEM has an administrative account CMC that doesn't log when it's used and you can't alert off of it?  Do you run any product, let alone a security product, that doesn't log logon or logoff events either success or failure on all accounts, especially administrative accounts?  After allowing all of us customers to be breached through Solarwinds Orion hasn't Solarwinds made it a priority to fix known and requested security controls and gaps as glaring as this one?

Parents
  • 0

    I think it must log locally on the appliance in /var/log somewhere?  I think you could configure it to log to itself.  This is a workaround mind you.  You'll also need the root password for you appliance (which you have to get from support).  I may look into this myself later this week now that you brought it up.

    Bill

Reply
  • 0

    I think it must log locally on the appliance in /var/log somewhere?  I think you could configure it to log to itself.  This is a workaround mind you.  You'll also need the root password for you appliance (which you have to get from support).  I may look into this myself later this week now that you brought it up.

    Bill

Children
  • +1 in reply to ecklerwr1

    Tech support did a  work around conf to get CMC to log.  Wasn't much for the tech to add it, though it has to be re-implemented after every upgrade.  It does point to Solarwinds' culture of unconscionable security defects in their products.  If they don't even consider logging of administrative accounts in their products as a requirement when it's that easy to correct, is it any wonder that Solarwinds Orion hacked the world?  The answer is no...

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.