Auditing Failed Logons

To view the details of user logons to the eG Enterprise system that failed, use the failed logon reports. Using such a report, you can figure out which were the login attempts that failed and why. The reasons can bring to light problems in the network connection that need to be repaired, and even login attempts that are rather ‘suspect’.

  1. Login to the eG administrative interface as admin.
  2. Select the Failed Logons option from the Audits tile.
  3. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list. Choosing the Any timeline, allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end, to register the changes.
  4. Next, select the User whose login attempts you want to audit. By default, the All option is displayed here, indicating that the report provides the details of failed login attempts of all users to the eG Enterprise system. However, if only one user had had problems logging in till date, then, by default, that user’s name is displayed in the User list.
  5. Administrators can configure the target environment for monitoring by directly logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures user logins via the web-based eG management console, but also those logins that are performed via the eG Admin Command Line Interface.

    While generating audit log reports, you have the option of viewing the details of failed logins across both these interfaces, or only those that pertain to a particular interface. To indicate your choice, use the Interface drop-down list. The options available in the Interface list are as follows:

    • Web: Select this option to view the details of login failures that occurred when attempting to login via the web-based eG management console;
    • Command Line: Select this option to view the details of login failures that occurred when attempting to login via the admin command line interface;
    • All: Select this option to view the details of all login failures, regardless of interface used to login.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the auditlog section of the manager settings page to No. In this case therefore, the Interface drop-down list will not appear.

  6. Finally, click the Show button to generate the report.

    Figure 5 : Report displaying the details of failed user logons

  7. The resulting report provides details of every login made by the chosen user(s) that failed. These details include (see Figure 5):

    • the name of the user
    • the IP address of the host from which the user attempted to login to the eG management console
    • the Interface type that was used - whether web or command line
    • the exact time of the login attempt
    • the reason for the login failure
  8. You can print the report by clicking on the Print icon at the right, top corner of Figure 5, or save the report as a PDF file by clicking on the Save icon. You can even save the report as a CSV file by clicking on the csv icon in Figure 5.