I think in the following Security Log entries is crucial information missing and wrong information is reported:1. ID for ‘Paul Clemmons/MARKETING/HENSELER’ (IP Address 192.168.91.1:3181) in vault ‘O=HENSELER-IDVault’ was not downloaded because the wrong password was supplied. Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.)
Missing information: Who tried to download the ID.
Wrong information: In this case, it was not Paul Clemmons, but Administrator/HENSELER who tried to download the id Paul Clemmons.
ID successfully downloaded by auditor from vault ‘O=HENSELER-IDVault’ by ‘Paul Clemmons/MARKETING/HENSELER’ (IP address 192.168.91.1:3030).
Missing: Who downloaded which ID?
Wrong information: The ID for Paul Clemmons was downloaded by Administrator/HENSELER
Subject: Thanks; logging has been significantly improved in the current build
Here’s what the current build does:
In this case, the logging that you will see will depend on how the download was attempted. If the admin changes their notes.ini to indicate somebody else’s identity before starting Notes, you will see a logged message similar to the one that you are currently experiencing. Since the requestor doesn’t have an actual identity yet, you’ll have to track down any malefactors by their IP address.
If the admin/auditor attempts to “extract” an ID file from the vault through the extract tool, the name of the admin will be logged as well as their IP address and the name of the person being extracted.
Does that give you enough information to maintain a solid audit trail?
