@import "/themes/withsecure/design/coveo/CoveoFullSearch.min.css"; @import "/themes/withsecure/design/headerfooter.css"; header .container, .top-header {display:flex; width: 100%;padding: 0;flex-direction: row;justify-content: space-between;} a#searchboxtoggle[data-toggle="collapse"] #displaysearch:before {content: "\f220";font-family: fsg-icon;font-size: 26px;color: #red;font-style:normal} a#searchboxtoggle[data-toggle="expand"] #displaysearch:before {content: "\f130";font-family: fsg-icon;font-size: 26px;color: #fff;font-style:normal} .header-searchbox {position: absolute;margin: 0;z-index: 30;width: 0;overflow: hidden;right: 30px;height: 53px; transition: .6s ease-in-out;} @media screen and (max-width: 370px){ .header-searchbox.expand {width: 300px;} } @media screen and (min-width:371px) and (max-width: 700px){ .header-searchbox.expand {width: 450px;} } @media screen and (min-width:701px) and (max-width: 991px){ .header-searchbox.expand {width: 450px;} } @media screen and (max-width: 991px){ a.Header-logo svg {margin-top:8px} .header-coveosearch { margin:auto;width: 60px;position: absolute;right: 0;height: 64px;} .header-searchbox {width: 0;overflow:hidden} .header-searchcontainer {position:absolute;margin:auto;top: 0;width: 60px;height: 62px;text-align: center;} .header-searchcontainer {padding-top: 6px;} .header-searchbox {position: absolute;margin: 0;z-index: 30;width: 0;overflow: hidden;right: 60px;top:0;height: 63px;} .bottom-header.display {width:100%} .searchPage .Hamburger {right:9px!important;left:unset!important} .searchPage .Hamburger-border {right:0!important;} } @media screen and (min-width: 992px){ header .row:nth-child(1) {position:absolute; top:0;height:52px} .bottom-header {margin-top:60px} .header-top-links {margin-left:auto} .header-searchcontainer {float:unset; margin:unset} .header-coveosearch {margin-top:8px;margin-right:30px;width: 10px;} .header-searchbox {top: -9px;} .header-searchbox.expand {width: 500px; min-height:200px} .searchboxtoggle {margin-top:0} .searchboxtoggle:hover {cursor:pointer} .searchboxtoggle:hover #displaysearch:before, .header-searchcontainer.expand .searchboxtoggle:hover #displaysearch:before {color: #c6ceff} .helpforum-dropdown:hover, .supportarticles-dropdown:hover {cursor: default;} .helpforum-dropdown a:hover {cursor: pointer;} .helpforum-dropdown a, .supportarticles-dropdown p {width: fit-content} .header-top-link.active::after, .header-top-link:hover::after {top:-5px} .helpforum-dropdown.active::after, .supportarticles-dropdown.active::after, .dropdowns > li:hover::after {top:7px} } @media screen and (min-width: 992px) and (orientation:landscape) { .top-header {width:98%;} } .btn { min-width: 100px; } .btn-inverse { color: #fff; border-color: #fff; background-color: #00000000; border-width: 1px; } .btn { display: inline-block; margin-bottom: 0; font-weight: 600; text-align: center; vertical-align: middle; touch-action: manipulation; cursor: pointer; background-image: none; border: 1px #00000000; line-height: .71; border-radius: 4px; -webkit-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; font-size: 14px; padding: 14px 15px; min-width: 114px; text-decoration: none; } .btn-lg, .btn { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; } .btn { text-rendering: optimizeLegibility; -ms-font-feature-settings: "liga" 1,"kern" 1; font-feature-settings: "liga" 1,"kern" 1; font-variant-ligatures: normal; font-kerning: normal; } a { text-decoration: underline; } .cmp_footer { font-family: Archivo-Light; color: #bec3c8; font-size: 14px; font-weight: 300; line-height: 1.6em; letter-spacing: .03em; background-color: #001423; color: #fff; padding: 3em 0 2em 0; text-align: center; } @media (min-width: 992px) .cmp_footer__newsletter { grid-area: newsletter; margin-top: 2.5em; } .cmp_footer { font-family: Archivo; color: #bec3c8; font-size: 14px; font-weight: 300; line-height: 1.6em; letter-spacing: .03em; background-color: #001423; color: #fff; padding: 3em 0 2em 0; text-align: center; } .btn.btn-inverse.btn-outline { border: 1px solid #fff; }

Community

Support Articles WithSecure Business Suite

Does F-Secure Policy Manager Console have activity logging (audit trail / auditing)?

Issue:

Does F-Secure Policy Manager create and maintain an audit log for user and admin activity? For example for these events:

User login / logoff
Host deletion / add / rename events
Policy sub-domain deletion / add / rename events
Change of policy settings

Resolution:

The F-Secure Policy Manager Server logs can be found in the following folder:

C:\Program Files (x86)\F-Secure\Management Server 5\logs

The user login actions are recorded in the fspms-users.log. The log does not show the full user name, only the User ID. To get the full user name, a query must be performed using the H2Console. The H2Console is not enabled by default, so it will need to be enabled before you can run the query.

How to enable H2Console:

Note: Please backup your registry before making any registry changes

Open Registry Editor (regedit)
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5\
Edit "additional_java_args"
Add parameter: -Dh2ConsoleEnabled=true
Close registry editor and restart F-Secure Policy Manager Server service by running command line commands net stop fsms and net start fsms

How to open H2Console and run query:

Open a browser and go to https://localhost:8080
Click the H2Console link
Type in query: SELECT * FROM users;
Click Run (Ctrl+Enter) to run the query

You will receive a result showing which user names correspond to which User ID.

Changes made to policy settings are saved in fspms-policy-audit.log.

Changes made to the Policy domain computers/servers or specifically changes made to the policy domain structure are saved in fspms-domain-tree-audit.log.

Another log to look into is fspms-active-directory-rules.log. For example, in case the AD synchronization rule was executed, and the host with unique ID, 4d896695-8de1-4f96-9c29-0ebd2bb60418 was moved into a domain, you will find the following is logged:

20.06.2022 17:59:01,276 INFO [activeDirectoryRules] - Starting to process manually triggered rule [ruleId=5, domainController='LDAP://<domain name>', containerDn='OU=<OU name>,DC=<partial domain name>,DC=<partial domain name>', containerGuid='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', targetDomainId=<policy domain ID>, enabled=true]
20.06.2022 17:59:01,386 INFO [activeDirectoryRules] - 1 hosts found in Active Directory, 0 of them unmanaged
20.06.2022 17:59:01,388 INFO [activeDirectoryRules] - Domain <policy domain name> updated
20.06.2022 17:59:01,390 INFO [activeDirectoryRules] - Host having identity 4d896695-8de1-4f96-9c29-0ebd2bb60418 moved
20.06.2022 17:59:01,416 INFO [activeDirectoryRules] - Rule was successfully processed

Q: How to find out who deleted a policy sub-domain in Policy Manage Console?
A: This information is available in the fspms-domain-tree-audit.logs. Below is an example, where a sub-domain called test was added and immediately deleted.

05.12.2019 09:44:17,785 INFO [audit.domainTree] - User 'admin' added domain test (id=76) to domain Root (id=1)
05.12.2019 09:44:23,615 INFO [audit.domainTree] - User 'admin' deleted domain test (id=76)

Article no: 000007129