Security Audit service

In ELMA365 you can log and analyze events related to changing the user permissions and data.

You can use our built-in module and a separate Security Audit service for storing and displaying information about system events.

The module and the service allow you to monitor the following events:

• when a user logs in and logs out;
• unsuccessful attempts to enter a user password;
• when a user signs out by clicking the Sign Out button;
• when app items are added, modified or deleting;
• when a user changes a file or uploads a new version.

The data about these registered security events is stored in an external database.

You need to implement the service in ELMA36 and then download the module from ELMA365 Store.

Install the service on the On-Premises version

Run the following command:

curl -fsSL -o audit-installer.sh https://dl.elma365.com/extensions/audit/master/latest/download && chmod +x audit-installer.sh && ./audit-installer.sh

You will be offered to select the database. For testing, you can use the internal database. When you select an external database, make sure that the selected user has permissions for scheme public  for creating and deleting tables, functions and indexes.

The audit service for the internal and external databases is installed in a separate namespace audit.

When connecting for the first time, the service will create all the necessary tables.

Please note that if using a PostgreSQL external database, you need to install the uuid-ossp and pg_trgm extensions. Also take into account the minimum hardware requirements and requirements for the server version:

DBMS server PostgreSQL
DBMS: PostgreSQL v10.14
OS: Ubuntu Server 20.04 LTS
CPU: 2 core,  2.2 GHz or higher (Intel Xeon recommended).
Hard Disk:
20 GB (OS + PostgreSQL server, RAID, SSD)
100 GB (for data, RAID 5, SSD)
RAM: 4 GB
Network: LAN 1 Gbit/sec and higher
Th extension of disk storage is evaluated by the customer independently or is based on the results of an analysis of the company's activities.

Configuration and display of events from the service

Install the module

1. Go to Administration > Modules. 
2. In the top right corner, click +Module.

3. In the provided window, select Download. The ELMA365 Store catalog opens.
4. In the Integration and modules section select Other.
5. Select the Security audit module and click Install module.
6. In the provided window, click Next.
7. Go to the installed module and enter the value in the Audit service URL field. The default value when installing inside the 365 cluster is http://audit.audit.svc:3000. 
8. Save the changes.

After you have installed the module, you can view the registered events. To learn more about working with the module, see Security Audit module.

Was this helpful?

Thanks for your feedback!

Please specify why:

Recommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

How we can improve it?

YesNo

Please specify whyRecommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

Found a typo? Highlight the text, press ctrl + enter and notify us