Issue:
Does F-Secure Policy Manager create and maintain an audit log for user and admin activity? For example for these events:
- User login / logoff
- Host deletion / add / rename events
- Policy sub-domain deletion / add / rename events
- Change of policy settings
Resolution:
The F-Secure Policy Manager server logs can be found in the following folder:
- C:\Program Files (x86)\F-Secure\Management Server 5\logs
The user login actions are not recorded, but there are 2 logs that record actions made by the users while logged in to the console.
Changes made to policy settings:
Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure:
- fspms-domain-tree-audit.logs
Q: How to find out who deleted a policy sub-domain in Policy Manage Console?
A: This information is available in the fspms-domain-tree-audit.logs. Below is an example, where a sub-domain called test was added and immediately deleted.
05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
Article no: 000007129