Versions Compared

Old Version 1

changes.mady.by.user Emese Pogany

Saved on

compared with

New Version Current

changes.mady.by.user Harald Saller

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Scroll Documents: Update page title prefix

...

Info
Remote security logging is independent from the normal logging and is disabled by default.

...

Enable Remote Security Logging

You can enable the feature in the UMS Console, through UMS Administration > Global Configuration > Logging > Activate security logging. This will enable logging for all components, including UMS Server, UMS Console, UMS Web App, IMI, and ICG.

Note

The security logging is enabled for the UMS Administrator in the file rmadmin/logback.xml and for the command line tool of the UMS Administrator in rmadmin/logback-cli.xml. Both files have the lines:

Code Block
<!-- Logging of security related actions of users -->
<!-- Set to 'INFO' to log the individual calls -->
<!-- Set to 'OFF' to ignore the individual calls -->
<property name="security.level" value="OFF" />

The default value is OFF. If the security logging should be enabled, switch to INFO.

Where Are the Log Files Stored?

You can find the UMS Server log file created by remote security logging:

...

  • On Windows:
    C:\Program Files\IGEL\RemoteManager\rmguiserver\logs\wums-app-security.log
  • On Linux:
    /opt/IGEL/RemoteManager/rmguiserver/logs/wums-app-security.log

Logged Events

Info

In the log file, some logged events are marked with source tags:

  • UMS Server events contain the source tag: UMS-Server.
  • ICG events contain the source tag: ICG.
  • IMI events contain the source tag: IMI.
  • UMS Web App events contain the source tag: UMS-Webapp.

Logged UMS Events

  • UMS user login and logoff
  • UMS user successful and failed logons
  • UMS user password change
  • All direct and indirect assignment changes to devices ("privileged policy changes")
  • All config changes to devices
  • Shut down of UMS or ICG services/processes
  • UMS Administrator user account creation/deletion

  • UMS Administrator user password change

Logged UMS Web App Events

  • Authentication events
  • Deletion of a search
  • Update or deletion of a profile or priority profile
  • Assignment or detachment of the following objects to a folder or a device:

...

    • reset to factory default 

    • update device settings

Logged ICG Events

  • User creation and deletion
  • Successful and failed authentication

  • File uploads

Logged IMI Events

  • Authentication events
  • Add operations
  • Update operations
  • Delete operations