Technicians and Roles
EventLog Analyzer supports authorization and authentication at a local level and is compatible with third-party applications like Active Directory and RADIUS server. It allows adding users in three realms (user groups) viz., Admin, Operator, and Guest. The Admin realm has the highest order of privilege in the EventLog Analyzer server and UI. The Operator has limited privileges that enables access to perform create and delete operation on the allotted resources. The Guest has read-only privilege on the allotted security resources (device groups).
Having the Admin rights lets one:
How to add a new EventLog Analyzer technician?
To add new users, use the following menu option:
- Settings tab > Technicians and Roles > Add Technician
You can either add a user from AD or add a local technician in EventLog Analyzer.
To add a local technician, click on the Add local technician link.
- Enter a technician name for the new user. The nomenclature-syntax could be as per your company policy.
- Check the 'Use username as password' option if you wish the system to consider and make your Login name as your password too. If this option is used, the users are prompted to set the password of their choice just to let them know that a custom password is safer. This facility can be used by temporary users and for evaluation purposes. Set a difficult password. The length should be between 5 to 20 characters, with a mix of upper and lower case, special characters and numerals.
- Enter the email id of the user to intimate the event of the new technician account creation.
- Select one of the access levels viz. the Admin, Operator, and Guest.
- Assign device group(s) to provide segmented view to the user and limit the privilege on security resources. Select the device group(s) checkbox(es) and click OK.
- Complete the add user operation using the Add button.
How to manage (delete, assign role to, assign group to) EventLog Analyzer technicians?
In the Manage Technician screen, all the users of EventLog Analyzer are listed along with user's login name, access level privilege, the domain in the network to which the users belong to, and the link to view their audit details. You can delete, enable or disable users and re-assign access levels and device groups for technicians.
- To monitor the users of EventLog Analyzer, click on the User Audit icon. This will give you the report of all EventLog Analyzer user activity. You can view the user audit data for the required username, type of user(administrator, operator, guest), resource and action. The report can be extracted into PDF/CSV format.
- Delete, enable or disable users by selecting the users and clicking on the respective icons.
- Click on the edit icon to update the technician details such as the access level, device groups, email and password.
User Audit Notification
Notifications for selected actions can be configured by clicking on the notification icon in the top right corner of the Technician Audit page. Once the User Audit notification pop-up appears,
Select the technician role(s) for which notification needs to be configured. Check the "ALL" option if the notification is required for all the three roles.
Select the required actions from the dropdown provided.
Enter the Email ID for which the notification has to be sent. In case of multiple Email IDs, enter the required Email IDs seperated by a comma.
Enter the "Subject" for the notification in the column provided.
Click on "Save"
A new user audit notification will be configured.
To disable a notification:
The configured notification will be disabled.
How to import users from Active Directory into EventLog Analyzer?
- Settings tab > Admin Settings: Technicians and Roles > Add Technician
EventLog Analyzer will automatically discover and display Active Directory users from the selected domain. You have two options - basic and advanced.
- Basic Options: The AD users are displayed along with their Login Name and Organizational Unit. Select the user(s) by clicking on the respective checkbox(es) and click on the Next button. You can easily search for a device using the search option or by filtering based on the OU using OU Filter.
1. Select one of the access levels viz. the Admin, Operator, and Guest.
2. Assign device group(s) to provide segmented view to the user and limit the privilege on security resources. Select the device group(s) checkbox(es) and click OK.
3. Click on the Add button.
- Advanced Options: By clicking to the switch to advanced options link, you can add users based on their Domain Groups and Domain OUs. The domain groups/OUs will be automatically discovered and displayed for the selected domain. Select the Domain Groups or Domain OUs by clicking on the respective checkbox(es) and click on the Next button.
Configure Schedule: To synchronize users in Active Directory with the users in EventLog Analyzer, you can configure a schedule for periodically importing users from domain groups and OUs.
1. Enter a name for the schedule.
2. Specify the interval (in days) for running the scheduled automatic import.
3. Click on the Save button or the Save and Run Now button if you wish the run the scheduled import right away.
EventLog Analyzer provides two external user authentications apart from the local authentication. They are Active Directory authentication and Remote Authentication Dial-in User Service (RADIUS) authentication. You can configure the Active Directory and RADIUS server authentication settings in the Manage Technicians page.
Active Directory Configuration
Click on the external authentication icon on the Manage Technician screen. You can then enable Active Directory authentication for users. On enabling this option, technicians imported from Active Directory will be able to logon to EventLog Analyzer with their domain credentials.
RADIUS server Configuration
RADIUS server authentication can be set as default authentication for EventLog Analyzer.
On enabling this option, technicians will be able to logon to EventLog Analyzer by authenticating with the configured RADIUS server. To configure the RADIUS server with EventLog Analyzer, follow the steps below:
1. Enter the IP address of the device where RADIUS server is running.
2. Enter the port used by the RADIUS server for authenticating users.
3. Select the protocol that is used to authenticate users.
4. Enter the RADIUS server secret used by the server for authentication.
5. In the 'Authentication Retries' field, select the number of retries allowed for logging into EventLog Analyzer with RADIUS Server authentication.
6. Complete the RADIUS server configuration operation using the Save button. Logout abd Login again with the RADIUS authentication.