Auditing Administrator Changes to the ARM Database

(Requires ARM) Administrators often need to know when and what changes were made to EFT and who made them. The administrator Actions Log report provides information about administrator changes. When ARM expires, administrator changes are no longer audited.

EFT logs to the ARM database the following changes made to EFT:

  • The Date the action occurred, in MM/DD/YYYY HH:MM:SS format.

  • The affected feature or Function. (Refer to Functions Audited below.)

  • The type of Action (created, added, removed, modified, enabled, disabled, started, and stopped).

  • The Affected Area (Server, Site, Settings Template, User Account, Event Rule, Command, Group, VFS, Report).

  • The name of the affected object, Affected Name (Server Name, Site Name, Settings Template Name, User or administrator Account Name, Event Rule Name, Command Name, Group Name, Folder Name, Report Name).

  • The name of the administrator that made the change, Change Originator.

The data in the preconfigured report is arranged in columns, Date, Function, Action, Affected Area, Affected Name, and Change Originator, grouped by Site name, and sorted in reverse chronological order (newest change at the top).

Functions Audited

When the following functions are created, added, removed, modified, enabled, disabled, started, or stopped, the action is logged to the database. Many possible actions are grouped together. For example, modifying SSL cipher selection, changing SSL clear command channel values, or modifying SSL connection string all fall under "SSL settings." Also, intermediate states are not audited (for example, a toggle was checked, but later unchecked, rendering the transaction moot). Instead, only committed states are captured (once the administrator applies changes).

  • SFTP protocol

  • SFTP settings

  • SFTP key

  • SFTP authentication settings

  • SSL protocol

  • Password

  • Password complexity

  • Password reset

  • Password expiration

  • Password History

  • SMTP settings

  • DoS prevention settings

  • Delegated administrators

  • Server

  • Site

  • SSL settings

  • SSL require client certificate

  • SSL certificate

  • SSL authentication settings

  • FIPS mode for SSL

  • Password initial reset

  • Invalid login settings

  • Inactive account settings

  • Account expiration settings

  • Connection limits

  • Settings Template

  • User Account

  • Real-time monitoring

  • User kicked

  • Web Services Interface

  • FIPS mode for SSH

  • HTTPS protocol

  • HTTPS settings

  • HTTP protocol

  • FTP Implicit Protocol

  • Transfer limits

  • Disk limits

  • File type limits

  • IP address ban list

  • Group assignment

  • Site root folder

  • Site listening IP

  • Custom command

  • Event Rule

  • Physical folder

  • FTP Explicit Protocol

  • FTP protocol

  • FTP settings

  • AS2 protocol

  • AS2 settings

  • Group (Permission)

  • Data sanitization (wiping)

  • DMZ Gateway

  • DMZ Gateway settings

  • Authentication settings

  • Virtual folder

  • Folder permissions

  • administrator

  • Database refresh

  • Server service settings

  • PASV port mode settings

  • Streaming repository encryption (EFS)

  • OpenPGP settings

  • OpenPGP key

  • Web Transfer Client

  • Remote administration

  • Auditing settings

  • Log settings

  • Default Configuration File Path

  • Default User Database Refresh Interval

  • Show Time In UTC/GMT

  • Ban On Invalid Login Settings

  • Advanced Workflows Task

  • Account details