Search

GlobalSCAPE Knowledge Base

Auditing of specific items in EFT

Last Year
Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v8.0 and later 

DISCUSSION

The following Advanced Properties enable or disable auditing of specific items:

  • AuditBannedSocketConnections - auditing of banned socket connections. Default = true (audit); false to skip
  • AuditFailedAuthforNonExistingUsernames - auditing of all invalid username authentication attempts. Set to false by default; true to audit
  • AuditFailedAuthforUsernameRoot - auditing of ‘root’ and ‘administrator’ invalid username authentication attempts. Set to false by default; true to audit
  • AuditFailedSocketConnectionsOther - auditing of other failed socket connections. Set to true (audit) by default; false to disable
  • AuditIgnoreFailedAuthforNonExistingUsernames - auditing of usernames that are not a user in EFT; set to true to audit (introduced in EFT Arcus in v7.4.14)
  • AuditIsInternal - auditing of non-CRUD (IsInternal) transactions. Set to false by default. When set to true, EFT will audit a row to protocol commands for resources that have an IsInternal flag set to 1. For example, IsInternalflag is set to 1 for HTTP protocol GET requests for reserved paths.
  • AuditIsRESTAdmin - auditing of Administrative REST calls. Set to false by default; true to audit
  • AuditIsRESTRAMAgent - auditing of RAM REST calls. Set to false by default; true to audit
  • AuditIsRESTUSER - auditing of user-initiated REST calls. Set to false by default; true to audit
  • AuditIsRESTWorkspacesInternal - auditing of Workspaces config REST calls. Set to false by default; true to audit
  • AuditUnimportantCommands - auditing of unimportant (non CRUD) operations (HTTPS connections only). Set to false by default. When set to true, EFT will audit  to tbl_ProtocolCommands the HTTPS commands where command is "HEAD", "SIZE", "LIST", "GET", "OPTIONS", "QUIT".
  • AuditRedundantUserAndPass - auditing of username and password for S/FTP/S events. Set to true by default; true to audit
  • AuditRESTWorkspaces - auditing of Workspaces REST calls. Set to False by default; true to audit
  • AuditSuccessSocketConnections - auditing of successful socket connections. Set to False (don't audit) by default; true to audit

To enable these advanced properties

  • Add the applicable name:value pair to the AdvancedProperties.JSON file. You can add multiple name:value pairs. For example:

{
"AuditFailedAuthforNonExistingUsernames":false
"AuditRedundantUserAndPass":false
"AuditSuccessSocketConnections":false
}

For more information about the Advanced Properties, refer to the online help for your version of EFT.

Share Article

On a scale of 1-5, please rate the helpfulness of this article



Not Helpful
Very Helpful
Optionally provide additional feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: Last Year
Last Modified By: kmarsh
Type: HOWTO
Rated 2 stars based on 2 votes.
Article has been viewed 34K times.
Options
Print Article
Export As PDF
Also In This Category
Tags
AuditBannedSocketConnections
AuditFailedAuthforNonExistingUsernames
AuditFailedAuthforUsernameRoot
AuditFailedSocketConnectionsOther
AuditIgnoreFailedAuthforNonExistingUsernames
Auditing
AuditIsInternal
AuditIsRESTAdmin
AuditIsRESTRAMAgent
AuditIsRESTUSER
Customer Support Software By InstantKB 2020 Final
Execution: 0.000. 8 queries. Compression Disabled.