Security-related events are logged to a file that can be securely transferred to an FTP server or to email. The following security events are logged:
- Creation of new users
- Changes to user passwords
- Change of user permissions or roles
- Logins (failed and successful)
- Included challenge questions
- Changes to the Users tab (emails, etc.)
- Changes to entitlements
- Configuration imports and exports
- New tenant creation
- Changes to Type IDs or configuration
Users with Change Manager entitlements can configure these events by editing two sets of configurations. The first set is in the server.service.export.securityLog Type ID. Its settings contain a set of FTP values that define the credentials and protocol used to communicate with the FTP server that hosts the exported file. The second set is in the server.quartz.settings.jobs Type ID and needs to be entered by a person with Configuration Specialist entitlements.
Logged events are categorized as follows:
- Email: log files sent via email use naming convention "SECURITY_LOG".
- SFTP: log files exported via SFTP use naming convention "SECURITY_LOG[1234567890]", where the numeric value in the file name represents the date and time of the file export, in milliseconds.
  Note: Resources such as current millis can convert milliseconds into date and time and back into milliseconds.
- Admin portal: log events added to the Gro Admin Portal use naming convention "LOG_SECURITY_EVENT[yyyyddMM]T[hhmmss]".
The three FTP types supported by the framework are FTP, SFTP, and FTPS. The values that can be defined in the FTP setting vary depending on the FTP type being used. Here are the definitions for each protocol:
FTP
- type: In this case the value would be FTP.
- url: The FTP server url.
- username: The authentication username for the FTP server.
- password: The authentication password for the FTP server.
- path: The remote FTP server path to be used.
SFTP
- type: In this case the value would be SFTP.
- url: The FTP server url.
- username: The authentication username for the FTP server.
- password: The authentication password for the FTP server.
- path: The remote FTP server path to be used.
- port: The port to be used for the SFTP.
FTPS
- type: In this case the value would be FTPS.
- url: The FTP server url.
- username: The authentication username for the FTP server.
- password: The authentication password for the FTP server.
- path: The remote FTP server path to be used.
- protocol: The protocol to be used for the FTPS. The two options are SSL and TLS.
- isImplicit: The boolean that determines whether the FTPS is implicit.
- port: The port to be used for the FTPS.
Email
- to: List of emails
- emailSubject: Subject of email
- emailBody: Body of the email
deleteEvery
- Set this value to configure the number of logs you want to keep at one time.
After determining what values are needed, go to Type ID server.service.export.securityLog and edit the following configurations.
Example configuration for FTPS:
{
  "ftp": {
    "type": "FTPS",
    "url": "66.220..",
    "username": "user",
    "password": "pass*",
    "path": "/acct-demo/securityLogs/",
    "port": 0,
    "protocol": "TLS",
    "isImplicit": true
  },
  "email": {
    "to": [
      "example@gmail.com",
      "example2@gmail.com"
    ],
    "emailSubject": "Sample Security Log Subject",
    "emailBody": "This is just a sample of a Security Log."
  },
  "deleteEvery": "15"
}
Example configuration for SFTP:
{
  "ftp": {
    "type": "SFTP",
    "url": "66.220..",
    "username": "user",
    "password": "pass*",
    "path": "/acct-demo/securityLogs/",
    "port": 22
  },
  "email": {
    "to": [
      "example@gmail.com",
      "example2@gmail.com"
    ],
    "emailSubject": "Sample Security Log Subject",
    "emailBody": "This is just a sample of a Security Log."
  },
  "deleteEvery": "15"
}
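A pre-flight check for the server.service.export.securityLog settings, added here as an example (it is not part of the product or its documentation): it enforces the per-type fields listed above and warns when plain FTP would carry the password and the log file unencrypted. The function name, the messages, the sample host and the choice to treat email and deleteEvery as optional are assumptions.

```python
import json

# Required "ftp" keys per transfer type, taken from the field lists on this page.
COMMON = {"type", "url", "username", "password", "path"}
REQUIRED = {
    "FTP": COMMON,
    "SFTP": COMMON | {"port"},
    "FTPS": COMMON | {"port", "protocol", "isImplicit"},
}

def check_security_log_config(raw):
    """Return (errors, warnings) for a securityLog export configuration string."""
    errors, warnings = [], []
    cfg = json.loads(raw)
    ftp = cfg.get("ftp", {})
    kind = ftp.get("type")
    if kind not in REQUIRED:
        return [f"ftp.type must be FTP, SFTP or FTPS, got {kind!r}"], warnings
    for key in sorted(REQUIRED[kind] - ftp.keys()):
        errors.append(f"ftp.{key} is required for {kind}")
    if kind == "FTPS":
        if ftp.get("protocol") not in (None, "SSL", "TLS"):
            errors.append("ftp.protocol must be SSL or TLS")
        if not isinstance(ftp.get("isImplicit", False), bool):
            errors.append("ftp.isImplicit must be a boolean")
    port = ftp.get("port", 0)  # 0 is accepted because the page's FTPS example uses it
    if isinstance(port, bool) or not isinstance(port, int) or not 0 <= port <= 65535:
        errors.append(f"ftp.port {port!r} is not a valid port number")
    if kind == "FTP":
        warnings.append("plain FTP sends the password and the log file unencrypted")
    # Assumption: email and deleteEvery are optional and checked only when present.
    to = cfg.get("email", {}).get("to", [])
    if not isinstance(to, list) or any(not isinstance(a, str) or "@" not in a for a in to):
        errors.append("email.to must be a list of email addresses")
    if not str(cfg.get("deleteEvery", "1")).isdigit():
        errors.append("deleteEvery must be a whole number of logs to keep")
    return errors, warnings

# Constructed sample (hypothetical host and credentials), modelled on the page's SFTP example.
SAMPLE_SFTP = json.dumps({
    "ftp": {"type": "SFTP", "url": "sftp.example.test", "username": "user",
            "password": "placeholder", "path": "/acct-demo/securityLogs/", "port": 22},
    "email": {"to": ["example@gmail.com"], "emailSubject": "s", "emailBody": "b"},
    "deleteEvery": "15",
})

if __name__ == "__main__":
    print(check_security_log_config(SAMPLE_SFTP))
```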
The second set of configurations is in Type ID server.quartz.settings.jobs and needs to be changed by a Configuration Specialist.
[
  {
    "name": "SendLogSecurityEventsJob",
    "description": "Example of Job",
    "cronExpr": "0/5*?*",
    "typeOfJob": "SendLogSecurityEventsJob",
    "enable": true,
    "brandId": "999999"
  }
]
The sent log.txt document uses a date and time stamp as the naming convention, for example, FI Production Logs (0630-1130) 20190730.txt.