KACE Admin Login - Report or Alert
Is it possible to have my K1000 SMA send an alert or at least allow me to build a report that shows when the last logon time was that the K1000 Admins have last logged into the appliance? We have an issue in our environment that a few KACE admins are using a generic account to change things that should not be changed and I would like to have the following:
FROM IP (i.e. the IP Address from the logon of the account)
DATE/TIME
KACE ADMIN ACCOUNT USED (of the account the person tried to access)
STATUS of the attempted login (i.e. failed, success, etc)
I do know that the User Authentication Log (in the Settings > Logs area) is useful on a daily basis to see who logged in, but it doesn't give any past historical records greater than today's date and time. Ultimately, a report that we can run based upon a specific KACE Admin account would be nice, but i would be ok in having a full login history of any KACE Admin account during a specific time frame. If the report is not achievable, what about an alert that is sent out to an email distribution log that would let the compliance team know that there was an attempted login of an account?
Thanks for your help.
Answers (1)
Why not reset the admin password and don't tell them.......that should stop the negative behaviour ;o)
Comments:
-
While that would stop the behavior, it doesn't solve the ability to run a report to see who is logging in. I am ultimately trying to get an admin login report. - balldigy 4 years ago
-
I agree with you. I would like the ability to run an audit of failed login attempts and from which device or IP address. I know they are buried in the logs but that is a chore to go digging through. - zbaatz 4 years ago