Auditing Administrator Changes to the ARM Database

(Requires High Security Module in addition to ARM) Administrators often need to know when and what changes were made to EFT Server and who made them. The Administrator Actions Log report provides information about administrator changes.

EFT Server logs the following changes made to EFT Server to the ARM database:

The Date the action occurred, in MM/DD/YYYY HH:MM:SS format.
The affected feature or Function. (Refer to Functions Audited below.)
The type of Action (created, added, removed, modified, enabled, disabled, started, and stopped).
The Affected Area (Server, Site, Settings Template, User Account, Event Rule, Command, Group, VFS, Report).
The name of the affected object, Affected Name (Server Name, Site Name, Settings Template Name, User or Admin Account Name, Event Rule Name, Command Name, Group Name, Folder Name, Report Name).
The name of the administrator that made the change, Change Originator.

The data in the preconfigured report is arranged in columns, Date, Function, Action, Affected Area, Affected Name, and Change Originator, grouped by Site name, and sorted in reverse chronological order (newest change at the top).

Functions Audited

When the following functions are created, added, removed, modified, enabled, disabled, started, or stopped, the action is logged to the database. Many possible actions are grouped together. For example, modifying SSL cipher selection, changing SSL clear command channel values, or modifying SSL connection string all fall under "SSL settings." Also, intermediate states are not audited (e.g., a toggle was checked, but later unchecked, rendering the transaction moot). Instead, only committed states are captured (once the administrator applies changes).

SFTP protocol
SFTP settings
SFTP key
SFTP authentication settings
SSL protocol
SSL settings
SSL require client certificate
SSL certificate
SSL authentication settings
FIPS mode for SSL
FIPS mode for SSH
HTTPS protocol
HTTPS settings
HTTP protocol
FTP Implicit Protocol
FTP Explicit Protocol
FTP protocol
FTP settings
AS2 protocol
AS2 settings
PASV port mode settings
Streaming repository encryption (EFS)
OpenPGP settings
Open PGP key
Web Transfer Client

Password
Password complexity
Password reset
Password expiration
Password History
Password initial reset
Invalid login settings
Inactive account settings
Account expiration settings
Connection limits
Transfer limits
Disk limits
File type limits
IP address ban list
Group assignment
Group (Permission)
Data sanitization (wiping)
DMZ Gateway
DMZ Gateway settings
Authentication settings
Remote administration
Auditing settings
Log settings
Default Configuration File Path
Default User Database Refresh Interval

SMTP settings
DoS prevention settings
Delegated Administrators
Server
Site
Settings Template
User Account
Real-time monitoring
User kicked
Web Services Interface
Site root folder
Site listening IP
Custom command
Event Rule
Physical folder
Virtual folder
Folder permissions
Administrator
Database refresh
Server service settings
Show Time In UTC/GMT
Ban On Invalid Login Settings
AWE Task
Account details

This online help file is for EFT Server version 6.3.x. For other versions of EFT Server, please refer to http://help.globalscape.com/help/index.html.

(If the Index and Contents are hidden, click Show Contents pane in the top left corner of this topic.)

If this help topic did not help you, search the Knowledgebase or pose your question in the GlobalSCAPE User Forum.

For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Leave compliments or complaints regarding the help in the User Forum. At a minimum, please provide the topic title and why you needed help.

For information about GlobalSCAPE, visit www.globalscape.com, subscribe to our Secure Info Exchange blog, or follow us on Twitter.

Last modified: 20-Dec-11 at 16:00:17