Browsium

Knowledge Base

Enabling an audit trail in Proton

Applies To

Proton 4.0+

Summary

By default, Proton does not keep track of access attempts or other activities in the Proton Manager. However, the component pieces are present for adding this functionality. By modifying Proton’s Web.config file we can keep track of all access attempts, successful and not. Further logging of activities performed on the Proton Server can be collected by turning on IIS logging for the Proton site in IIS. We will cover both procedures in detail below.

Details

To locate the Web.config file on your Proton server, navigate to C:\Program Files (x86)\Browsium\Proton\Server\Sites\Server (or C:\Program Files\ … if you’re using a 32-bit Windows server). You’ll find Web.config in this directory. It can be edited with any text editor, including Notepad. You will be adding the following lines to the <system.web> element. You may also want to retain a backup of your Web.config file before making modifications as a best practice. After you save the Web.config file, IIS will automatically restart and apply your new settings.

If you have Proton deployed across numerous load-balancing web servers, you’ll need to make the same changes to Web.config on each server to ensure the log in attempt event logging policies are enforced consistently. To simplify this process, change Web.config on one server and copy the file to the other servers in your server farm. Note: This guidance assumes all web servers are communicating with a single Proton database.

Web.config is replaced when upgrading to a new version of Proton Server. You’ll need to save off a copy of your Web.config file (or record the edits you have made) before upgrading and apply your custom settings to the new file once the upgrade is complete.

To be added to the <system.web> element in Web.config:

<healthMonitoring
 enabled="true">
  <eventMappings>
   <clear />
   <add name="Browsium Proton Successful Log In"
    type="System.Web.Management.WebAuthenticationSuccessAuditEvent" />
   <add name="Browsium Proton Failed Log In"
    type="System.Web.Management.WebAuthenticationFailureAuditEvent" />
  </eventMappings>
  <providers>
   <clear/>
   <add name="EventLogProvider"
    type="System.Web.Management.EventLogWebEventProvider" />
  </providers>
  <rules>
   <clear/>
   <add name="Browsium Proton Successful Log In Rule"
    eventName="Browsium Proton Successful Log In"
    provider="EventLogProvider"
    profile="Default"
    minInstances="1"
    maxLimit="Infinite"
    minInterval="00:00:00" />
   <add name="Browsium Proton Failed Log In Rule"
    eventName="Browsium Proton Failed Log In"
    provider="EventLogProvider"
    profile="Default"
    minInstances="1"
    maxLimit="Infinite"
    minInterval="00:00:00" />
  </rules>
</healthMonitoring>

The other enhancement you can make to more comprehensively log activity on your Proton Server is to enable IIS logging for the Proton site in IIS. This can be done in the IIS Manager under ‘Logging’ within the Proton site.

Clicking on ‘Logging’ will allow you to configure where the logs are kept and how much data is retained in each log file. You can also specify the formatting used as well.

The logs are kept in the Windows Logs folder in the “Application” log as an Information level log and list ASP.NET 4.0.x as the source.

Posted in: Proton Knowledge Base

  • Share:  

Request Demo

FLASH END OF LIFE - We have a solution to allow you to use Adobe Flash securely after it's been deprecated.SCHEDULE A CALL