/
4.3.10 Security Event

4.3.10 Security Event

The Security event is triggered for each failed login attempt.

Filtering

In the Event Setup tab, the values for all the event fields  are set by default to All in the Match Value(s) column, which will generate event notifications for all state changes for all workflow groups. Double-click-on the field to open the Match Values dialog where you can click on the Add button to add which values you want to filter on. If there are specific values available, these will appear in a drop-down list. Alternatively, you can enter a hard coded string or a regular expression.

The following fields are available for filtering of Group State events in the Event Setup tab:

Fields inherited from the Base event

The following fields are inherited from the Base event, and described in more detail in 4.3.1 Base Event:

  • category - If you have configured any Event Categories, you can select to only generate notifications for System events with the selected categories. See 4.4 Event Category for further information about Event Categories.

  • contents - The contents field contains a hard coded string with event specific information. If you want to use this field for filtering you can enter a part of the contents as a hard coded string, e g the state you are interested in Idle/Running/Stopping/etc. However, for Security events, the content consists of the text "Login attempt by <username> from host <IP address> failed." 

  • eventName - This field can be used to specify which event types you want to generate notifications for. This may be useful if the selected event type is a parent to other event types. However, since the Security event is not a parent to any other event, this field will typically not be used for this event.

  • origin - The Platform IP address.

  • receiveTimeStamp - This field contains the date and time for when the event was inserted into the Platform database. If you want to use timeStamp for filtering, it may be a good idea to enter a regular expression, for example, "2018-04.*" for catching all System events from 1st of April, 2018, to 30th of April, 2018.

  • severity - With this field you can determine to only generate notifications for state changes with a certain severity; Information, Warning, Error or Disaster. The severity level for Security events is always Warning.

  • timeStamp This field contains the date and time when the Platform generated the event. If you want to use timeStamp for filtering, it may be a good idea to enter a regular expression, for example, "2018-06-15 09:.*" for catching all System events from 9:00 to 9:59 on the 15th of June, 2018.

Note!

The values of these fields may also be included in the notifications according to your configurations in the Notifier Setup tab.

Fields inherited from the Security event

  • systemMessage - This field contains the username and IP address of the Desktop.

Examples Security Event Configuration

Example - Security Event sent to Log File




This configuration will give you the following notification setup:

  • When a Security event occurs, a Security notification will be generated.

  • When this notification is generated a new log line will be added in the securityevent.txt file located in the /home/MyDirectory/securityevent directory,with the following data:

    • The date and time when the event was generated.

    • The system message.

Example - Security Event sent to Mail



This configuration will give you the following notification setup:

  • When a Security event with a message containing the text "Warning" is registered, a System Event notification will be generated.

  • When this notification is generated, an entry will be added in the securitylog table in the database:

    • The system message, will be inserted in the message column in the database table.

    • The date and time when the event was generated will be inserted in the time column in the database table.