Viewing administrative logs

Top  Previous  Next

Administrative logs are stored separately from user log data and are used to track all administrative logins and changes to configuration data.

 

Figure 196

 

clip0196

 

 

Records

 

Date - The date/time the action occurred.

 

Application Instance ID - The application instance ID that handled the request. This ID uniquely identifies a particular MFT Server instance and can help administrators distinguish between nodes in a multi-node HA cluster. If this MFT Server instance is not part of a HA cluster, then this value will always be the Application Instance ID of this instance.

 

Client Host - The client IP address of the administrator.

 

Client Port - The client port of the administrator.

 

User - The user login of the administrator.

 

Domain - The domain affected by this change.

 

Action - The action that occurred.

 

Description - A description of the action that occurred.

 

Purge - Performs a purge of all administrative records.

 

Export - Exports all administrative records to a CSV file.

 

Settings

 

Clear records older than N days - If enabled log records older than N days will be automatically purged from database.

 

Syslog

 

Enable syslog - When checked, MFT Server sends administrative logs to a syslog service

 

Host - The IP address of syslog daemon.

 

Port - The port of syslog daemon.

 

Facility - The syslog facility to use.

 

Extensions

 

Log to Splunk HTTP Event Collector. When checked, MFT Server sends administrative logging data to a Splunk HTTP Event Collector (HEC). To use this option you must have a Splunk HEC installation. This feature works in addition to existing administrative logging and the syslog service, if enabled (Manager Service > Logs > Syslog).

 

Host - The IP or hostname of the Splunk Enterprise or Splunk Cloud Platform server.

 

Port - The port of the Splunk deployment. The default is 8088.

 

Timeout - The connection timeout, in seconds. The default is 30.

 

Access token - The token that is used by the MFT Server to authenticate the connection to Splunk HEC. Your Splunk administrator or a designated token administrator should generate and provide you with a valid token.

 

Source - The source value to assign to the event data. This typically identifies the application where the data is coming from (e.g. MFT Server).

 

Source Type - The source type value to assign to the event data. This typically identifies the type of data coming from the source. (e.g. Administrative logs).

 

Use SSL Connection - When checked, an SSL connection is used to connect to the Splunk deployment.

 

Index - The name of the Splunk index.

 

Test Parameters - Click on this button to test the connection from the MFT Server to the Splunk deployment.

 

Note:  If a failure occurs in logging the data to the Splunk HEC, you can be alerted about this condition using a Trigger with an Event type of Log Extension Failure.

 





Home | Company | Products | Solutions | Purchase | Support | Services | Blog

© 2022 Redwood Software, Inc.