4.3.10 Security Event
- Jenni Wallin
- Former user (Deleted)
The Security event is triggered for each failed login attempt.
Filtering
In the Event Setup tab, the values for all the event fields are set by default to All in the Match Value(s) column, which will generate event notifications for all state changes for all workflow groups. Double-click-on the field to open the Match Values dialog where you can click on the Add button to add which values you want to filter on. If there are specific values available, these will appear in a drop-down list. Alternatively, you can enter a hard-coded string or a regular expression.
The following fields are available for filtering Group State events in the Event Setup tab:
Fields inherited from the Base event
The following fields are inherited from the Base event, and described in more detail in 4.3.1 Base Event:
category- If you have configured any Event Categories, you can select to only generate notifications for System events with the selected categories. See 4.4 Event Category for further information about Event Categories.contents- The contents field contains a hard-coded string with event-specific information. If you want to use this field for filtering you can enter a part of the contents as a hard-coded string, e g the state you are interested in Idle/Running/Stopping/etc. However, for Security events, the content consists of the text "Login attempt by <username> from host <IP address> failed."eventName- This field can be used to specify which event types you want to generate notifications for. This may be useful if the selected event type is a parent to other event types. However, since the Security event is not a parent to any other event, this field will typically not be used for this event.origin- The Platform IP address.receiveTimeStamp- This field contains the date and time for when the event was inserted into the Platform database. If you want to use timeStamp for filtering, it may be a good idea to enter a regular expression, for example, "2018-04.*" for catching all System events from the 1st of April, 2018, to the 30th of April, 2018.severity- With this field, you can determine whether to only generate notifications for state changes with a certain severity; Information, Warning, Error, or Disaster. The severity level for Security events is always Warning.timeStampThis field contains the date and time when the Platform generated the event. If you want to use timeStamp for filtering, it may be a good idea to enter a regular expression, for example, "2018-06-15 09:.*" for catching all System events from 9:00 to 9:59 on the 15th of June, 2018.
Note!
The values of these fields may also be included in the notifications according to your configurations in the Notifier Setup tab.
Fields inherited from the Security event
systemMessage- This field contains the username and IP address of the Desktop.
Examples of Security Event Configuration
Example - Security Event sent to Log File
This configuration will give you the following notification setup:
When a Security event occurs, a Security notification will be generated.
When this notification is generated a new log line will be added in the
securityevent.txtfile located in the/home/MyDirectory/securityeventdirectory, with the following data:The date and time when the event was generated.
The system message.
Example - Security Event sent to Mail
This configuration will give you the following notification setup:
When a Security event with a message containing the text "Warning" is registered, a System Event notification will be generated.
When this notification is generated, an entry will be added to the securitylog table in the database:
The system message will be inserted in the message column in the database table.
The date and time when the event was generated will be inserted in the time column in the database table.