KeyControl Activity Tracking
KeyControl tracks all activity on the system in the audit log. Users can export the audit log from the webGUI but they cannot change it in any way. For security reasons, KeyControl tracks most of the events in the system.
For important events, KeyControl makes an entry in the audit log and also raises an alert. Users can look at the Alert tab in the webGUI to get a quick overview of the major events that have taken place in the system. webGUI users can delete an alert from their local view, but the same alert will still be visible to other KeyControl users who have the same KeyControl permissions.
KeyControl categorizes audit log messages and alerts based on both the user's administrative roles (Cloud Admin, Domain Admin, and Security Admin) and the groups to which the user belongs. When a user logs into the webGUI, they can see the audit log messages and alerts generated by their groups that correspond to the privileges associated with their account. For example:
- If a Security Administrator logs in, they will see an alert if a user account is locked because a user exceeded the maximum number of consecutive failed login attempts. Security Administrators are not assigned to a group, so all Security Administrators see all security alerts.
- If a Cloud Administrator logs in, they will see an alert if a new Cloud VM Set has been created in one of the Cloud VM Sets in their associated groups. They will not see an alert about Cloud VM Sets created in other groups.
- If a Domain Administrator logs in, they will see an alert if a new KeyControl node has been added to the cluster.
- If someone with Security, Cloud, and Domain Admin privileges logs in, they will see all three of the alerts mentioned above.
In addition to viewing alerts in the webGUI, administrators can also receive alerts by email depending on how the system is configured. For details, see Setting Email Server Preferences.
For a list of audit log messages, see KeyControl Audit Messages.
