Does F-Secure Policy Manager Console have activity logging (audit trail / auditing)?
Does F-Secure Policy Manager create and maintain an audit log for user and admin activity? For example for these events:
User login / logoff
Host deletion / add / rename events
Policy sub-domain deletion / add / rename events
Change of policy settings
The F-Secure Policy Manager server logs can be found in the following folder:
C:\Program Files (x86)\F-Secure\Management Server 5\logs
The user login actions are not recorded, but there are 2 logs that record actions made by the users while logged in to the console.
Changes made to policy settings:
Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure:
Q:How to find out who deleted a policy sub-domain in Policy Manage Console? A: This information is available in the fspms-domain-tree-audit.logs. Below is an example, where a sub-domain called test was added and immediately deleted.
05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1) 05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)