Does F-Secure Policy Manager Console have activity logging (audit trail / auditing)?

This discussion has a more recent version.
Customer_Care Posts: 548 F-Secure Employee

Issue:

Does F-Secure Policy Manager create and maintain an audit log for user and admin activity? For example for these events:

  • User login / logoff
  • Host deletion / add / rename events
  • Policy sub-domain deletion / add / rename events
  • Change of policy settings

Resolution:

The F-Secure Policy Manager server logs can be found in the following folder:

  • C:\Program Files (x86)\F-Secure\Management Server 5\logs
The user login actions are not recorded, but there are 2 logs that record actions made by the users while logged in to the console.

Changes made to policy settings:
  • fspms-policy-audit.logs
Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure:
  • fspms-domain-tree-audit.logs
Q: How to find out who deleted a policy sub-domain in Policy Manager Console?
A: This information is available in the fspms-domain-tree-audit.logs. Below is an example, where a sub-domain called test was added and immediately deleted.

05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
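
To answer the same question across a whole log file rather than by eye, the two line shapes above can be parsed as follows. This is an added example, not F-Secure code: the function names are hypothetical, the timestamp is assumed to be DD.MM.YYYY, and only the two message shapes shown in this article are recognised (anything else is returned as unparsed).

```python
import re
from datetime import datetime

# Constructed sample: the article's two lines plus one line of unknown shape.
SAMPLE = """\
05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)
05.12.2019 09:45:00,000 INFO [audit.domainTree] - some other message
"""

# Only the two message shapes visible in the article's example are matched.
LINE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2},\d{3}) \w+ \[audit\.domainTree\] - "
    r"User '(?P<user>[^']*)' (?P<action>added|deleted) domain (?P<name>.+?) \(id=(?P<id>\d+)\)"
    r"(?: to domain (?P<parent>.+?) \(id=(?P<parent_id>\d+)\))?\s*$"
)

def parse_audit(text):
    """Return (events, unparsed_lines); timestamps are assumed DD.MM.YYYY."""
    events, unparsed = [], []
    for line in filter(str.strip, text.splitlines()):  # skips blank lines
        m = LINE.match(line)
        if not m:
            unparsed.append(line)  # keep for review instead of dropping silently
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d.%m.%Y %H:%M:%S,%f")
        ev["id"] = int(ev["id"])
        events.append(ev)
    return events, unparsed

def who_deleted(events, name):
    """All deletions of a domain with this name, as (timestamp, user, id)."""
    return [(e["ts"], e["user"], e["id"]) for e in events
            if e["action"] == "deleted" and e["name"] == name]

def lifetimes(events):
    """Seconds between 'added' and 'deleted' per domain id, where both were logged."""
    added, out = {}, {}
    for e in events:
        if e["action"] == "added":
            added[e["id"]] = e["ts"]
        elif e["id"] in added:
            out[e["id"]] = (e["ts"] - added.pop(e["id"])).total_seconds()
    return out

if __name__ == "__main__":
    events, unparsed = parse_audit(SAMPLE)
    print(who_deleted(events, "test"), lifetimes(events), unparsed)
```

Matching on the domain id as well as the name matters when a sub-domain name is reused: the id ties each deletion to the specific domain that was created.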
 

Article no: 000007129
