Agents Administration - Tests

Configuration of ScrtySrvceChecksTest

The ScrtySrvceChecksTest monitors the Windows service logs and tracks the number of recently installed programs and services. This test also reports the number of services that were disabled but are still found to be running. In addition, this test helps administrators keep an eye on the number of Windows services with vulnerable permissions and the number of Windows services with unquoted binary paths. This way, administrators are promptly alerted to possible malicious activity and can proactively eliminate a security threat before it leads to a catastrophic outcome.
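As an added example, not taken from eG Enterprise or its documentation, the following PowerShell audit performs the same categories of checks the test reports on, so an administrator can see on a single host what each measure is counting. The seven-day lookback window, the placeholder entry in $mustStayDisabled (which, like the SERVICE TO BE DISABLED parameter, is matched on Display Name) and the SDDL heuristic for weak permissions are assumptions of the example, not values used by the product. Run it in an elevated session.

```powershell
# Added audit example; not eG Enterprise code. Run in an elevated PowerShell session.

# Placeholder: Display Names of services that must stay disabled (assumption of the example).
$mustStayDisabled = @('<display name of a service that must stay disabled>')
# "Recently installed" window; the example assumes seven days.
$lookback = (Get-Date).AddDays(-7)

$services = Get-CimInstance Win32_Service

# 1. Services configured as Disabled that are nevertheless running.
$disabledButRunning = $services | Where-Object {
    $_.StartMode -eq 'Disabled' -and $_.State -eq 'Running'
}

# 1b. Services on the must-stay-disabled list whose start mode is not Disabled.
$notDisabled = $services | Where-Object {
    $mustStayDisabled -contains $_.DisplayName -and $_.StartMode -ne 'Disabled'
}

# 2. Unquoted service binary paths that contain a space before the executable name.
#    Spaces in the arguments after the .exe are harmless, so only the path part is tested.
$unquotedPaths = $services | Where-Object {
    $p = $_.PathName
    $p -and ($p -notmatch '^\s*"') -and ((($p -split '\.exe', 2)[0]) -match ' ')
}

# 3. Service security descriptors that let broad principals reconfigure, delete or
#    take ownership of the service. Heuristic (assumption of the example): an allow
#    ACE for Everyone (WD), Authenticated Users (AU), Users (BU) or Interactive (IU)
#    carrying DC (change config), SD (delete), WD (write DAC), WO (write owner),
#    GA or GW (generic all / generic write).
$weakPermissions = foreach ($svc in $services) {
    $sddl = (& sc.exe sdshow $svc.Name 2>$null) -join ''
    if (-not $sddl) { continue }
    $aces = [regex]::Matches($sddl, '\(A;[^;]*;([A-Z]*);;;(WD|AU|BU|IU)\)')
    $bad = $aces | Where-Object {
        # Rights are two-letter tokens; split them so e.g. "SW" + "DT" is not read as "WD".
        $rights = [regex]::Matches($_.Groups[1].Value, '..') | ForEach-Object { $_.Value }
        @($rights | Where-Object { $_ -in 'DC', 'SD', 'WD', 'WO', 'GA', 'GW' }).Count -gt 0
    }
    if ($bad) {
        [pscustomobject]@{ Name = $svc.Name; DisplayName = $svc.DisplayName; Sddl = $sddl }
    }
}

# 4. Services installed in the lookback window (System log, Service Control Manager event 7045).
$newServices = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7045; StartTime = $lookback
    } -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Service   = $_.Properties[0].Value
            ImagePath = $_.Properties[1].Value
        }
    }

# 5. Programs installed in the lookback window (Application log, MsiInstaller event 11707).
$newPrograms = Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 11707; StartTime = $lookback
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message

# Summary counts, one per category the test reports, followed by the detail rows.
[pscustomobject]@{
    DisabledButRunning   = @($disabledButRunning).Count
    NotDisabledButShould = @($notDisabled).Count
    UnquotedServicePaths = @($unquotedPaths).Count
    WeakServiceAcls      = @($weakPermissions).Count
    NewServices          = @($newServices).Count
    NewPrograms          = @($newPrograms).Count
} | Format-List

$disabledButRunning | Format-Table Name, DisplayName, State -AutoSize
$notDisabled        | Format-Table Name, DisplayName, StartMode -AutoSize
$unquotedPaths      | Format-Table Name, PathName -AutoSize
$weakPermissions    | Format-Table Name, Sddl -AutoSize
$newServices        | Format-Table Time, Service, ImagePath -AutoSize
$newPrograms        | Format-Table TimeCreated, Message -AutoSize
```

Each non-empty detail table is something to act on: stop and investigate a disabled-but-running service, quote the binary path of an unquoted service, tighten the ACL of a service that broad principals can reconfigure, and confirm that every newly installed service or program was expected.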

The default parameters associated with this test are:

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • In the HOST text box, specify the host for which the test is to be configured.

  • In the PORT text box, specify the port at which the server is listening. By default, it is given as NULL.

  • Specify the path to the log file of the target Windows host in the LOG LOCATION parameter. By default, this is set to None. This implies that the eG agent will automatically collect the required metrics from the log file available in the default log file location. If the log file is in a different location, then, you have to explicitly specify the location of the log file in this text box.

  • Specify the comma-separated list of services that need to be disabled in the SERVICE TO BE DISABLED text box.

    Note:
    • When configuring the SERVICE TO BE DISABLED parameter, make sure that you specify the Display Name of the service, and not the service Name you see in the Services window on your Windows host.
    • When monitoring a Microsoft SQL Server, the SERVICE TO BE DISABLED parameter will be set to Microsoft SQLServer by default. However, if the Microsoft SQL Server being monitored was installed using a named instance, the SQL service name will change. In such a case, therefore, ensure that the SERVICE TO BE DISABLED parameter is reconfigured to reflect the correct service name.

    To save the time and effort involved in manual service specification, eG Enterprise offers an easy-to-use auto-configure option in the form of a View/Configure button that is available next to the SERVICE TO BE DISABLED text box. Refer to the Auto-configuring the Windows Services to be Monitored document for details on how to use this option.

  • The DD FREQUENCY parameter refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against the DD FREQUENCY parameter.

  • To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

    The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

    • The eG manager license should allow the detailed diagnosis capability
    • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

  • If multiple components of the same component type are awaiting configuration, then an APPLY TO OTHER COMPONENTS button will appear in this page. Clicking on this button will allow you to apply the configuration to all/selected components of that type.

  • Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.

When changing the configuration for specific servers, a “*” beside the text box corresponding to a parameter signifies that its value has to be manually configured by the user. Parameter values that require configuration will typically be prefixed with a “$” or contain a series of “*”. A value of “none” in a parameter indicates that the corresponding parameter value can be changed if required.