Enable MID audit log [New in Security Center 1.3 and updated in 1.5]

  • Release version: Yokohama
  • Updated March 7, 2025

    The MID Server command audit log tracks details such as the command name, command hash, name of credential used and execution status. When enabled, users with the agent_security_admin role can view these logs in the MID Server Command Audit Logs [ecc_agent_command_audit_log] table. Navigate to All > MID Server > Audit Logs > Command Audit Logs to see this table.

    Set mid.log.command_audit.enable to true in the MID Server Properties [ecc_agent_property] table to turn on auditing for commands run by the MID Server.

    For more details on setting this property, see MID Server command audit log.

    For information about MID Servers and how they work, see MID Server.

    More information

    Attribute                        Description
    Configuration name               mid.log.command_audit.enable
    Configuration type               MID Server Property [ecc_agent_property] record
    Data type                        Boolean
    Recommended value                true
    Default value                    false
    Category                         Error handling and logging
    Security risk                    • Severity score: 2.2
                                     • CVSS score: Low
                                     • Security risk details: In the event of a security investigation, incident response teams can use this table to audit the commands run on the MID Server. Without this log, there might not be sufficient details to respond to situations such as unauthorized account use.
    Dependencies and prerequisites   None
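
An added example, not ServiceNow's own code: a Python check that takes rows exported from the MID Server Properties [ecc_agent_property] table and lists the MID Servers where mid.log.command_audit.enable is not effectively true. The row keys (name, value, mid_server), the rule that a row with no MID Server applies to all of them unless a server-specific row overrides it, and the sample data are assumptions.

```python
"""Report MID Servers without command auditing, from exported property rows."""

PROP = "mid.log.command_audit.enable"
DEFAULT = False  # the documented default value is false


def _as_bool(value):
    # Exports usually carry booleans as strings; tolerate case and whitespace.
    return str(value).strip().lower() == "true"


def audit_status(mid_servers, property_rows):
    """Return {mid_server_name: bool} with the effective value of PROP.

    Assumption: each row is a dict with 'name', 'value' and 'mid_server'
    keys. A row with an empty 'mid_server' applies to every MID Server,
    and a row that names a server overrides it for that server.
    """
    global_value = DEFAULT
    per_server = {}
    for row in property_rows:
        if row.get("name") != PROP:
            continue
        target = (row.get("mid_server") or "").strip()
        if target:
            per_server[target] = _as_bool(row.get("value"))
        else:
            global_value = _as_bool(row.get("value"))
    return {mid: per_server.get(mid, global_value) for mid in mid_servers}


def non_compliant(mid_servers, property_rows):
    """Sorted names of MID Servers where auditing is not enabled."""
    status = audit_status(mid_servers, property_rows)
    return sorted(mid for mid, enabled in status.items() if not enabled)


# Constructed sample data (hypothetical server names and rows).
SAMPLE_SERVERS = ["mid-dmz-01", "mid-core-01", "mid-lab-01"]
SAMPLE_ROWS = [
    {"name": PROP, "value": "true", "mid_server": ""},
    {"name": PROP, "value": "false", "mid_server": "mid-lab-01"},
    {"name": "example.other.property", "value": "true", "mid_server": "mid-core-01"},
]

if __name__ == "__main__":
    for mid in non_compliant(SAMPLE_SERVERS, SAMPLE_ROWS):
        print(f"{mid}: {PROP} is not true")
```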