cmdReporter Wiki

2.1 - Apr 04 2019

New:

  • AuditEventExcludedUsers - Drop events from specific audit users
  • AuditEventExcludedProcesses - Drop events from specific processes
  • Hardware add/remove logging (external and internal hardware)
  • Smart card token add/remove logging
  • Network connection logging at AuditLevel 2+
    • Full details with originating process and destination IP
  • cmdReporter -T flag added to output loaded configuration and quit for troubleshooting
  • New format for release notes, easier to read.

Fixed:

  • AuditLevel preference restored
  • Performance improvements and other minor bug fixes
  • Optimizations and improvements to event collection filters.
    • Only terminal and shell script events run with root or admin permissions are logged at level 1 and 2
    • Expected log volume for AuditLevel 1 lowered to ~5mb/mac/workday or less
    • Expected log volume for AuditLevel 2 lowered to ~15mb/mac/workday or less


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.