Audits and Notifications

Access Manager Plus deals with sensitive passwords, and therefore it is important to have a complete record of the people accessing these sessions. In Access Manager Plus every single action performed by the user is recorded along with the files to which they had access. Vital information such as the users's IP addresses and timestamps of all when operations were performed by users are recorded within the application. By default, only the administrator can view all the actions performed by the other users. However, these records can be sent via email to other users based on their preferences.

Access Manager Plus's audit operations are quite comprehensive, and almost all actions are audited. In case your requirement is to audit only specific operations, Access Manager Plus provides flexible options for focused auditing as well. There is also option to send notifications to required recipients whenever a desired event (audit trail of your choice) occurs in Access Manager Plus.

Summary of Steps

Working with Audits and Notifications
1.1 Types of Audits

1.2 Create Audit Filters

1.3 Audit Actions

1.4 Operation Type
User Sessions
2.1 View User Sessions

2.2 Search a Particular User Session or Audit

2.3 Terminate a User Session

1. Working with Audits and Notifications

Once you click the Audit tab, you will see all the audits along with their details such as User Account, Operated By, IP Address, Time Stamp, etc. You will also find Operation Types and Audit Action buttons on the right.

1.1 Types of Audits

Audit in Access Manager Plus is classified into three types:

Connection Audit - all operations pertaining to connections, connection groups, accounts, passwords, shares and policies performed in Access Manager Plus.

Click Connection Audit to view Connection Audits.
User Audit - all operations performed by users in Access Manager Plus.

Click User Audit to view User Audits.
Task Audit - records of various scheduled tasks created in Access Manager Plus.

Click Task Audit to view Task Audits

For the above audits, when you click each of the tabs from the left pane, you will be able to carry out the following operations:

1.2 Create Audit filters

Filtering is an operation to organize content according to specified criteria based on your preference. There are certain pre-defined filters available in Access Manager Plus. To sort these audits, click the dropdown above the list view and select the filter you want to apply. To search a particular type of audit, click the search icon and type in your requirement.

Suppose if you want a filter to carry out certain combined operations which is not available in the per-defined filters, you can create customized views of audit trails by creating a new filter and choosing it to display only those audit records that are of interest to you. To create an audit filter,

Click Create.
Specify the Filter Name.
Select the required column names from the drop-down and mention your criteria (To enter an operation type as criteria, click Operation Types, refer to the list and enter the name).
The button adds a criteria row and the button deletes a row. Using this, you can add any number of criteria.
Selecting Match All makes sure all the criteria is satisfied and Match Any makes sure if any of the criteria are satisfied and displays results accordingly.
Click Save.

1.3 Audit Actions

Click Audit Actions dropdown. You'll see a list of options:

Configure Connection/User/Task Audit
Create Custom Report
Export to CSV
Export to PDF
Email This Report

Read further to know more about it.

1.3.1 Configure Audit for Connection, User and Task

Click Configure Connection Audit / Configure User Audit / Configure Task Audit.
A window will be displayed from which you will be able to configure the following settings:

To record only specific operations in Audit:

In the respective Audit Configuration popup (Connection / User / Task) that opens, select only the operations under Audit column for which you want audit records to be generated.

To receive notifications, traps, Syslog messages on generation of audit records:

Access Manager Plus provides the flexibility of sending separate notifications as and when the chosen event occurs.

If you want to receive instant email notifications, SNMP traps or Syslog messages on the occurrence of a desired event, you can select the respective check-boxes against the required audit operation.
If you do not want to receive notification emails, you can customize to receive a single notification every day (containing the information about all events generated on that day) in the form of a daily digest. You can also specify a list of recipients for these notifications.
Click Save.

To Purge Audit trails:

Almost all operations pertaining to connections performed in Access Manager Plus are audited and the audit data is stored in the database. Therefore, the connection audit record grows at a faster rate. To help you maintain disk space, an additional option to purge audit records is given in the Audit Configuration GUI. If you do not need audit records that are older than a specified number of days, you can choose to purge them.

Note: The Purge Audit option is available for Connection Audit and User Audit only.

To Configure Audit Purging:

Go to Purge Connection Audit Records section.
Specify the number of days upto which the audit records should be retained. For instance, if you enter 90, audit records that are more than 90 days old will be automatically purged by Access Manager Plus.
Click Save.

1.3.3 Export and Email Audit Reports

To Export Audit Trails as PDF or CSV Report:

The Audit Trails could be exported as a PDF file / CSV file and stored in a secure location for reference.

Click Export to PDF / Export to CSV to export Audit Trails as a report.

To Email Audit Report:

The Audit Trails could be Emailed to one or more users for reference.

Click Email this Report.

Specify the Email Id(s) of users in the field in the pop-up and click Send Report.

The email ids' specified here will be available as a consolidated list under Admin >> Configuration >> Notification Email IDs.

1.4 Operation Types

Operation Types are static data available for reference. It displays functions that are available for that particular audit type. The search bar can be used to search for a particular operation which can be used while creating filters.

2. User Sessions

The audits of all the operations performed by the user during this active session will be listed. And these audits can be viewed by selecting a particular user session of a specific date range. There is also an option to terminate any active user session by the administrators.

Navigate to Audit >> User Sessions.

2.1 View User Sessions

All audits pertaining to user sessions within the chosen date range are captured under User Sessions.

Choose a particular date by double clicking on the specific date for which you want to view the user sessions or a range of dates by selecting a start date and end date from the Date Range Picker. The range between the start date and end date cannot be more than 3 months.
By default, the current date will be chosen as both the start and end dates.
After choosing the date range, all the user sessions performed on the chosen date range will be listed.
Upon clicking a particular user session, the audits of all the operations the user performed during the chosen session will be listed.

2.2 Search a Particular User Session or Audit

Search a particular user session by entering the username - first name, last name or full name in the search field.
You can also search for a particular audit by entering the keywords in the search field.

2.3 Terminate a User Session

You can terminate any active user session by clicking the Terminate button present beside the User Session and providing a reason.
Click Ok. The session will be terminated.

Note: Only Administrators will be able to terminate any user session. The Org Manager's session can be terminated by the administrators of his/her MSP org only.