Auditing Successful User Logons

To view the details of a chosen user’s sessions with the eG Enterprise system, use the logon reports. This report enables administrators to determine which user(s) was actively using the eG Enterprise system during periods when the target environment was experiencing performance issues or exhibiting a strange behavior. Unauthorized accesses and rogue users can thus be identified quickly.

Moreover, these reports embed a special drill-down feature, which allows you a quick look at the actions performed by a particular user during the period of his/her access. This sheds light on changes effected by the user, which could have caused problems.

  1. Login to the eG administrative interface as admin.
  2. Pick the Successful Logons option from the Audits tile.
  3. Figure 1 then appears, providing a wide range of options for report generation.

    Figure 1 : Options for generating Successful User Logon reports

  4. The default Timeline for the report is 24 hours. You can choose any other fixed period from the Timeline list, or select the Any option from this list (see Figure 2). Choosing the Any timeline, allows you to provide a From and To date and time for report generation. If you change the Timeline settings, then make sure that you click the right-arrow button at its end, to register the changes. 

    Figure 2 : Choosing the Any timeline

  5. Next, select the User whose accesses you want to audit. By default, the All option is displayed here, indicating that the report provides the details of the sessions of all users to the eG Enterprise system. However, if only one user has successfully logged into the eG Enterprise system till date, then, by default, that user’s name is displayed in the User list.
  6. Administrators can configure the target environment for monitoring by directly logging into the eG administrative interface or by using the admin command line interface provided by the eG manager. This is why, by default, the audit log not only captures user logins via the web-based eG management console, but also those logins that are performed via the eG Admin Command Line Interface. While generating audit log reports, you have the option of viewing the details of successful logins across both these interfaces, or only those that pertain to a particular interface. To indicate your choice, use the Interface drop-down list. The options available in the Interface list are as follows:

    • Web: Select this option to view the details of successful logins via the web-based eG management console;
    • Command Line: Select this option to view the details of successful logins via the admin command line interface;
    • All: Select this option to view the details of all successful logins, regardless of interface used.

    If required, you can choose not to maintain audit logs for activities performed via the admin command line interface by setting the Include activities from the admin command line interface flag in the auditlog section of the manager settings page to No. In this case therefore, the Interface drop-down list will not appear.

  7. Finally, click the Show button to generate the report.

    Figure 3 : Report displaying the details of successful user logons

  8. The resulting report provides details of every successful login made by the chosen user(s). These details include (see Figure 3):

    • the name of the user
    • the IP address of the host from which the user accessed the eG management console
    • the exact time of login
    • the accurate time of logout
    • the duration of the user access
  9. If the report runs across pages, then the hyperlinked page numbers and the First, Next, Prev, and Last links at the bottom of the page will aid navigation.
  10. You can print the report by clicking on the Print icon at the right, top corner of Figure 3, or save the report as a PDF file by clicking on the Save icon. You can even save the report as a CSV file by clicking on the csv icon in Figure 3.
  11. You can also schedule the audit log report to be automatically emailed to specific recipients at configured intervals. For that, click on the Schedule this Report icon in the tool bar. Figure 4 will then appear.

    Figure 4 : Scheduling an Audit Log report

  12. Provide the following in Figure 4:

    • Specify the Schedule Name.

    • Indicate how frequently you want eG Enterprise to mail the report by picking an option from the Mail drop-down. The options provided therein include: Hourly, Daily, Day(s) of the week, Weekly, Monthly, Weekend, and Month-End. If you select the Day(s)of the week/Weekly option, you even get to select the exact day(s) of the week on which you want the report mailed, from the Mail On list. If you select the Monthly option from the Mail list, you can select the exact date of the month on which you want the report to be mailed, from the Mail On list. Select the Hourly option if you want the report to be mailed during a specific one-hour time window on chosen days of the week. In this case, use the Start Hr and End Hr controls to configure the time window for email delivery, and use the Mail On list to select the days of the week.

      Note:

      • If a report is set to be mailed 'Weekly', such a setting only ensures that the report is mailed once a week; it does not alter the Timeline of the original report. The same applies to 'Monthly' schedules.

      • By default, WeekEnd reports are mailed every Sunday. This default setting can however, be modified by editing the eg_services.ini file (in the <EG_INSTALL_DIR>\manager\config directory). The ScheduleMailWeekend parameter in the [MISC_ARGS] section of this file is set to Sunday, by default. If you so wish, you can specify any other day of the week against this parameter, as shown below:

        [MISC_ARGS]

        ScheduleMailWeekend=Friday

    • Provide a comma-separated list of Mail IDs to which the audit log report is to be emailed.

    • Indicate how you want the audit log report sent via email - as an attachment, or in the body of the email. Pick the Attachment option if you want the report to the attached to the email. To include the report in the body of the email, select the Inline option.

    • Then, indicate the Schedule Type. You can indicate when report scheduling is to occur by picking an option from the Schedule Type list. To generate schedule reports at the end of every day, pick the Day-End option from this list. To generate schedule reports at a configured time every day, pick the Anytime option from this list, and then indicate the exact time of generation using the Schedule at time controls that then appear.
    • Then, click on Save to save the schedule.  

  13. Clicking on a user name in Figure 3 leads you to Figure 5, which reveals what configuration changes were made by that user during the period of his/her access.

    Figure 5 : Details of changes made by a user