- This topic has 5 replies, 2 voices, and was last updated 7 years, 7 months ago by
.
-
Posts
-
Hi,
is there a way to have audit logs for file transfers? The file transfer features are actually very handy and highly configurable but a way to audit what is going in and out of a server is needed by almost all legal departments in order for a solution to be compliant.
Alternatively, is there perhaps a system event triggered, when a file transfer takes place, which would allow me to script my own logging functionality?
Thank you ggkekas, that is really a great point!
I was sure that we had something printed in the logs already, but I checked the software and it doesn’t seem to be the case. This is a must have feature and I don’t know actually how we could have missed it.
We opened a FR right away:
https://www.nomachine.com/FR08N03169
Please let us know if you have any more suggestions 😉
Another very useful feature related to the above would be to restrict the download / upload functionality only from / to specific folders. This would allow us i) to extend the audit functionality if needed by simply observing only those folders and ii) to offer a kind of historic and retrospective view on the files that were downloaded / uploaded. The last is quite important especially for the download process, where we could design a solution with which a user would push files into the restricted area and only then he would be able to download them. However, he wouldn’t be able to delete them from that area. As such, an audit process could really check which files have been downloaded.
It’s worth noting that such functionalities are already offered by the operative system. When a user logs in, it is logged with the specific priviliges of the logged system user. For example, the operative system can provide “public” directories designated to allow the file sharing between users. Even restricting the file transfer to specific directories, we wouldn’t prevent the user from copying a readable file from a restricted directory into an allowed directory, and then proceeding with the download (e.g., copying ‘/etc/passwd’ to ‘/MyDownloadableDirectory/Notes.txt’ and then downloading Notes.txt).
In other words, we would step on the operative system’s toes, that we don’t think it is a good idea.But still, a detailed and accurate logging is absolutely necessary.
Hi,
regarding my second suggestion. The intention here was not to forbid the download of certain files nor to provide some kind of access right management but to provide a retrospective auditing of what the user really downloaded. By having a constrained directory, we could build a script with elevated privileges to write into that directory on behalf of the user. However, the user wouldn’t be able to fake or delete the file afterwards he had put it there. As such, an auditor could then inspect the contents of the file which was downloaded. Simply having an audit log may be insufficient in certain cases because the auditor may just see just a filename and not the contents of the downloaded file.
This topic was marked as closed, you can't post.