This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FNMS Access Logs

sibusison
By
Level 2
Does FNMS keep access logs to the suite? 
Who, and when they logged on?
Who tried to log on and failed?
 
The premise here is that we are required to adhere to governance requirements where the logging of Logon and Logoff events that appear to, by default, not be logged.
The thinking is that because FNMS is a web-based system relying on IIS for its Web publishing, it would possibly retain the information on IIS?
 
We have however manged to get some sort of data in FNMSCompliance, BUT "LastLogin" and "LastLogout" columns are nulled  even after testing with different users to login and out again.
 
 

‎Apr 29, 2020 02:15 AM

(2) Replies

mfranz
By Level 17 Champion
Level 17 Champion

Hi,

I think you are on the right track here. You could use the "Failed Request Tracing" feature to log who tried accessing and got rejected by the webserver. However, if you run Windows authentication, I guess most domain users should be authenticated against the webserver successfully. Only FNMS would then present a "insufficient rights" page instead of the dashboard. I am not sure if this behaviour is logged somewhere.

As there is really no logout button in FNMS on prem, trying to comply with security standards, you could at least limit the "time-out" value for the session cookie.

2020-04-29_09h43_45.png

Best regards,

Markward

‎Apr 29, 2020 02:46 AM

0 Kudos

jjensen
By
Flexera Alumni

Hello @sibusison,

You are correct, ComplianceOperator's 'LastLogin' and 'LastLogout' are not populated for On-Premises implementations, because FNMS relies on Windows Authentication.

You could perhaps track the date/time that requests are sent to FNMS, but clearly that would be very heavy to manage.

There is a 'LastActive' field under ComplianceOperatorAudit, I'm not sure if that would be of any use?

SELECT co.ComplianceOperatorID, co.OperatorLogin, coa.LastActive FROM ComplianceOperator co
LEFT JOIN ComplianceOperatorAudit coa ON co.ComplianceOperatorID = coa.ComplianceOperatorID
ORDER BY co.OperatorLogin ASC

My understanding is that this will be updated whenever an operator makes a change that is recorded on the History tab for any object in FNMS (anything that creates an associated record in ComplianceHistory_MT).

HTH,

Joseph 

If my response answered your question satisfactorily, please click "ACCEPT AS SOLUTION" to heighten visibility for future customers!

‎Apr 29, 2020 02:46 AM