Symantec Security Expressions Server User Manual

Audit-On-Connect

45

Specify and confirm a password. SecurityExpressions Audit & Compliance Server generates an

encrypted password that you must add the to the configuration files for each of the Connection

Monitors. Include the encrypted password in the [Options] section of the configuration file with
the Password option.

Settings for DHCP Plug-In or DHCP Network Monitor Connection Monitors

When a connection event is detected by either of the DHCP connection monitors, the system may

not yet be booted fully to a state that allows an audit to occur. In order to ensure that a system

is audited properly when detected by a DHCP connection monitor, you can configure the system

here to retry any failed connections. These settings control how many seconds will pass between

retries and the number of times a connection will be retried before attempting to audit the

system.

Configuring Connection Monitors

Most of the configuration work is in editing the configuration file (dmconfig.txt). The settings
described here are only part of the process.

List the IP address or fully-qualified name of the computer hosting a Connection Monitor.

To add a Connection Monitor device to the list, type the IP address or fully-qualified device name

and click Add New.

To remove a device from the list, select the IP address or fully-qualified device name and click

Remove.

Once you set the settings on this page, you must enable the connection monitor.

Enabling Connection Monitors

To fully enable a Connection Monitor, you must set complete computer and credential settings:

• IP address or fully-qualified computer name - To enable a Connection Monitor you must

add the IP address or fully-qualified computer name of the devices with installed

Connection Monitors.

• Password and encrypted password - When you create and verify a password, an

encrypted password appears. You must add the encrypted password for each monitor to

the configuration file named dmconfig.txt, which resides in the same directory as the

Connection Monitor.

• Settings for DHCP Plug-In or DHCP Network Connection Monitors - When a connection

event is detected by either of the DHCP connection monitors, the system may not yet be
booted fully to a state that allows an audit to occur. In order to ensure that a system is

audited properly when detected by a DHCP connection monitor, you can configure the

system here to retry any failed connections. These settings control how many seconds

will pass between retries and the number of times a connection will be retried before

attempting to audit the system.

Include the encrypted password in the Options section of the configuration file. For example,

[Options]

Port = 9009