Auditing User Logins
Redwood Server audits logins of users by default. The user login audit trail can be accessed by navigating to "Auditing > User Logins"; user logins are not displayed alongside object change audit logs in the "Auditing > Audit Trail" overview.
The module logs the username, time, interface, IP address, protocol, and user agent; the latter two are not displayed in the User Logins overview by default. You add the Protocol and/or User Agent columns from the column chooser.
The module only logs logins to the web interface, other logins, for example via a CAR file uploader, are not taken into account.
The UserLoginAuditor audit rule can be edited and/or disabled but not deleted. You can create your own User Login audit rules. By default, the module audits logins to the web interface from all users; you specify a specific username, a GLOB, or regular expression to match usernames to be audited.
Tabs & Fields
| Tab | Field | Description |
|---|---|---|
| Audit Rule | Name | Name of the audit rule |
| Audit Rule | Description | Description of the audit rule |
| Audit Rule | Application | Application of the audit rule |
| Audit Rule | Rule Object Type|User Login | User login audit |
| Audit Rule | Level|Full Audit | The level of auditing; has no effect on User Login auditing |
| Audit Rule | Name Pattern | Username pattern to match |
| Audit Rule | Name Pattern Match Type | Pattern matching mode |
| Audit Rule | Application Rule | Has no effect on User Login auditing |
| Audit Rule | Application to Match | Has no effect on User Login auditing |
| Audit Rule | Partition Pattern | Has no effect on User Login auditing |
| Audit Rule | Partition Pattern Match Type | Has no effect on User Login auditing |
| Audit Rule | Enabled | Checkbox for enabling/disabling the audit rule; default is checked (enabled) |
Prerequisites
The Active Auditing Module requires the Module.Auditing license key to be present in your license.
Username Matching
You can use the following match rules for usernames:
- Exact Insensitive - The value must match, case-insensitive. No wildcards allowed.
- Exact Sensitive - The value must match, case-sensitive. No wildcards allowed.
- GLOB Insensitive - The value must match, case-insensitive. GLOB wildcards allowed (
?and*). - GLOB Sensitive - The value must match, case-sensitive. GLOB wildcards allowed (
?and*). - RegEx Insensitive - The value must match, case-insensitive. Regular Expression pattern.
- RegEx Sensitive - The value must match, case-sensitive. Regular Expression pattern.
Note that Application and Partition matches are ignored for audit rules for user logins.