Ability to track/ audit GroupWise Administrative Changes - System Wide - with Sentinel or other event management tools

Idea ID 2786115

Ability to track/ audit GroupWise Administrative Changes - System Wide - with Sentinel or other event management tools

GroupWise has no ability to track/ audit GroupWise Administrative Changes - System Wide - with Sentinel or other event management tools. This is a real urgent requirement.
7 Comments
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
Yes. Who did what when from where (IP address of admin browser session)
Commodore
Commodore
I particularly need to be able to see if a message retention flag was un-set on a mailbox (for example).
Absent Member.
Absent Member.
Even without directing them to a SIEM solution, we need a way to have the GW-Admin console log who logged in and from where. To be able to track who made the changes that are logged in /var/log/novell/groupwise/gwadmin/gwadmin-console.log ? Usually only failed logins show in that file, and are a bit cryptic a non-admin with correct credentials has the same report as a non-admin without correct password. 2016-11-15 13:11:50 GwAuthenticationProvider [ERROR] ***Failed to Login **** No admin rights bogus IDs that don't exist in the system only show as failed login 2016-11-15 13:12:03 GwAuthenticationProvider [ERROR] ***Failed to Login **** Not allowed At least the user names of failed/blocked logins are shown in gwadmin- service.log, but we still can't tell who did what.
Commodore
Commodore
Reiterating this request: apparently, I have a help desk person un-setting the message retention flag on some mailboxes (which could get us in a boatload of legal trouble), but I cannot tell who is doing this. If I knew who was doing this, I could tell them to stop (or take away their administration rights).
Admiral
Admiral
This is totally needed, everything is now audited, why not GroupWise ( more secure as Exchange )
Cadet 1st Class
Cadet 1st Class
Yes, It's a need.........
Absent Member.
Absent Member.
Please add this auditing features
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.