I am looking to see if there is any baseline functionality in FSM6u25 to support the following being request as part of our IT security audit process
- Security journal are enabled and log unauthorized login attempts
Question
Logging and investigation of unauthorized password events
+27Hi Richard,
the Server Log includes entries, if a user has given an incorrect password. In addition, there is a column on the Person-table where you can see the failed login attempts.
If you want to apply a password policy, you can do so by setting the following app params:
Best regards
Roman
Thank you Roman. We do already have policies established but we are looking for an effective way to consolidate and report on these failed log-in attempts beyond the ‘failed attempts’ indicator on the person record. In our current system set-up, a new server log is created at least once a day so collecting this type of information would be quite difficult. Are there any solutions for creating some sort of journaling log to specifically capture these events?
Regards,
Richard
+27Unfortunately, not that I’m aware of. You would need to parse the log files somehow with a monitoring tool that creates some sort of notification.
For the “failed attempts” a lobby could be created inside FSM.
Best regards
Roman
Ok thanks. Can this be logged as an ‘idea’ for R&D to consider? I would have to think that with the heightened concern on system security in general, having direct visibility to this data would be of interest to many.
Thanks,
Richard
+27You can raise a new idea here:
https://community.ifs.com/ideas
Make sure to link it in this thread. So, people searching for the same functionality will be able to upvote. Thanks!
Best regards
Roman
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.