Forum / NoMachine for Linux / File transfer logs
Tagged: File Transfers
August 10, 2016 at 11:15 #12038 ggkekas (Participant)
Hi,
is there a way to have audit logs for file transfers? The file transfer features are actually very handy and highly configurable but a way to audit what is going in and out of a server is needed by almost all legal departments in order for a solution to be compliant.
Alternatively, is there perhaps a system event triggered, when a file transfer takes place, which would allow me to script my own logging functionality?
August 17, 2016 at 15:21 #12103 fra81 (Moderator)
Thank you ggkekas, that is really a great point!
I was sure that we had something printed in the logs already, but I checked the software and it doesn’t seem to be the case. This is a must-have feature and I don’t know actually how we could have missed it.
We opened a FR right away:
https://www.nomachine.com/FR08N03169
Please let us know if you have any more suggestions 😉
August 19, 2016 at 08:32 #12119 ggkekas (Participant)
Another very useful feature related to the above would be to restrict the download / upload functionality only from / to specific folders. This would allow us i) to extend the audit functionality if needed by simply observing only those folders and ii) to offer a kind of historic and retrospective view on the files that were downloaded / uploaded. The last is quite important especially for the download process, where we could design a solution with which a user would push files into the restricted area and only then he would be able to download them. However, he wouldn’t be able to delete them from that area. As such, an audit process could really check which files have been downloaded.
August 22, 2016 at 10:13 #12146 fra81 (Moderator)
It’s worth noting that such functionalities are already offered by the operating system. When a user logs in, it is logged with the specific privileges of the logged system user. For example, the operating system can provide “public” directories designated to allow the file sharing between users. Even restricting the file transfer to specific directories, we wouldn’t prevent the user from copying a readable file from a restricted directory into an allowed directory, and then proceeding with the download (e.g., copying ‘/etc/passwd’ to ‘/MyDownloadableDirectory/Notes.txt’ and then downloading Notes.txt).
In other words, we would step on the operating system’s toes, which we don’t think is a good idea. But still, detailed and accurate logging is absolutely necessary.
August 23, 2016 at 12:33 #12157 ggkekas (Participant)
Hi,
regarding my second suggestion. The intention here was not to forbid the download of certain files nor to provide some kind of access right management but to provide a retrospective auditing of what the user really downloaded. By having a constrained directory, we could build a script with elevated privileges to write into that directory on behalf of the user. However, the user wouldn’t be able to fake or delete the file after he had put it there. As such, an auditor could then inspect the contents of the file which was downloaded. Simply having an audit log may be insufficient in certain cases because the auditor may see just a filename and not the contents of the downloaded file.
September 2, 2016 at 12:44 #12271 fra81 (Moderator)
Hi,
it is indeed a possible use case, though specific. I’m adding a note to the Feature Request.
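
The staging approach discussed in this thread, sketched as an added example that is not part of the original posts or of NoMachine's software. It assumes a privileged helper account owns the staging and archive directories (users can only read the staging one); the function names, directory layout and JSON log format are hypothetical.

```python
import hashlib, json, os, shutil, time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_for_download(src, staging_dir, archive_dir, audit_log, user):
    """Privileged helper: copy src into the download area, keep an auditor-only
    copy keyed by content hash, and append one JSON audit record."""
    src, staging_dir, archive_dir = Path(src), Path(staging_dir), Path(archive_dir)
    tmp = archive_dir / f".incoming-{os.getpid()}"
    shutil.copyfile(src, tmp)            # copy first, hash the copy: src may change later
    digest = sha256_file(tmp)
    archived = archive_dir / digest      # content-addressed, so a rename hides nothing
    os.replace(tmp, archived)
    staged = staging_dir / f"{digest[:12]}-{src.name}"
    if not staged.exists():
        shutil.copyfile(archived, staged)
        os.chmod(staged, 0o444)          # read-only; the directory itself must not be user-writable
    record = {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
              "user": user, "source": str(src.resolve()), "staged": str(staged),
              "sha256": digest, "size": archived.stat().st_size}
    with open(audit_log, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record

def verify_staging(audit_log):
    """Return (path, reason) for staged files that are missing or altered."""
    problems = []
    with open(audit_log, encoding="utf-8") as log:
        for line in log:
            rec = json.loads(line)
            staged = Path(rec["staged"])
            if not staged.exists():
                problems.append((rec["staged"], "missing"))
            elif sha256_file(staged) != rec["sha256"]:
                problems.append((rec["staged"], "modified"))
    return problems
```

Because the archive copy is stored under its SHA-256, a file copied to a harmless-looking name such as Notes.txt is still recorded by content, which is what lets an auditor see more than a filename.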