SecurTrac Administration Guide

How to configure a Domino Directory Monitor

You can keep track of all changes on Domino directory, including document, design and ACL changes, by using the Domino Directory Monitor function of SecurTrac^TM. To configure the Domino Directory Monitor, you need to open the SecurTrac Configuration Database (SCTCFG.NSF)

To create a Domino directory monitor:

Open the SecurTrac Configuration Database (SCTCFG.NSF).
In the left pane, select .
Click the button on the action bar.
Specify the preferred configuration settings and click the button.
Below is a table describing each of the available configurations within the Domino Directory Monitor.

Basics Tab:

Section

Field

Description

Database To Monitor

File Name

Specify the relative path and file name of the Domino Directory to be monitored. Normally, the Domino Directory file is "NAMES.NSF". If you have multiple Domino Directory databases to be monitored, please compose a separate monitor for each Domino Directory database.

AND the people are using Full Access Administration privilege.

When this option is selected, only when some making changes in the Domino Directory has the Full Access Administration privilege activated, will this monitor be triggered.

Server(s)

Either select "All in the Domain" or "Only the following" servers.

If you select "All in the Domain", databases on all servers in the current domain that match the specified criteria(folder or file name) will be monitored by SecurTrac^TM.

If you select "Only the following", a list box will be shown for you to select the specific server(s) in the current domain to be monitored. Click on the button to choose the server(s) you want to monitor.

Description

This is an optional field which allows user to input descriptions or remark for this monitor.

Log Database

File name

Select

Log to the default database	The corresponding log will be stored in a Central Log Database (SctLog.nsf).
Log to the specified database	The corresponding log will be stored in the database you specified.

Server name

Select

Log to the server where the event occurred	The corresponding log will be created on the same server where the event occurred.
Log to the specified server	The corresponding log will be created on the server you specified. If you select this option, please make sure the originating server has sufficient access to the remote log database on this specified server.

Multiple Monitors Matched Handling

Single log entry

This is the default option. Select this option if you want SecurTrac^TM to generate one log entry only for all monitor(s) matched.

Multiple log entries

Select this option if you want SecurTrac^TM to generate a new log entry for each monitor matched.

Enablement

Disable this Domino Directory Monitor

If this field is checked, SecurTrac^TM will temporarily disable that specific Domino Directory Monitor and no configured events within that Domino Directory Monitor document will be logged.

Monitor --> Document Tab:

Section	Field	Description
Criteria to match	Create*	Select this option to monitor any document creation in the database.
	Update*	Select this option to monitor any document updates in the database.
	Delete*	Select this option to monitor any document deletions in the database.
	All/Select...	For each type of document, select either 'all documents' or 'specific document(s)' to be monitored.
Criteria to match: Formula Editor	Log if formula is true	Specify criteria for database monitoring. You should enter Notes @formula whose return value must be either TRUE or FALSE. For example, you can add ' Form="Salary" ' to monitor only Salary documents. Note: If the action is Update, the formula is run against the original document, not the "to-be-saved" document. Refer to Building Sophisticated Criteria section for advanced Formula settings.
Criteria to match: Formula Wizard	Log if these conditions are met	Using the new Formula Wizard, now you can easily create criteria to match, with no need to have programming experience. With its intuitive interface, you can easily select criteria conditions based on certain field conditions.
Criteria to match: Formula Wizard	Show formula generated by the Formula Wizard	Not selected by default and only visible when the Formula Wizard is used. When conditions are selected and applied using the Formula Wizard, a formula is automatically generated. Select this option to display the generated formula.
	And the following fields are changed	Select this option if you are only interested in certain fields that have changed. A log will be generated when one of the specified fields is changed. In other words, if none of the specified fields are changed, a log will not be generated. This option applies to the Update action only.
Exception	Don't generate log if the action is triggered by replication	Select this option to prevent logging if the action is triggered by replication.
	Don't generate log if the action is triggered by the following tasks	Select this option to prevent logging if the action is triggered by specified tasks.
	Don't generate log if the action is triggered by the following user(s) or group(s)	Select this option to prevent logging if the action is triggered by specified user(s) or group(s)
	Don't generate log if there is no change in field values	Select this option to prevent logging if there is no change in field values although an update action is detected. This option applies to Update action only.
	Ignore changes to the following field(s)	Select this option to prevent logging if changes only occurred in the specified fields.
Record Field	Fields to be logged	If you select "Don't Log", no fields will be logged. If you select "All fields", every field and its value will be shown in the log. If you select "Modified fields", every modified field and its value will be shown in the log. If you select "Specified fields", you will be able to specify the fields you want to SecurTrac to log.
	Field(s) to be logged	Unless "Specified fields" is selected, this section will not be shown. Please specify all the fields you want to be logged by the database monitor.
	Log internal $fields	Log internal $fields of the document
Notification	Mailing address	Select the person who will receive an e-mail notification immediately when the event occurs.
	Importance	You can set the importance of the e-mail notification.
	Delivery Priority	You can set the delivery priority of the e-mail notification.
	Customize E-Mail Notification Message	Select this option if you want to customize the subject and content of the e-mail notification message.
	Add field	Allows you to select predefined reserved fields.
Bulk Action Detection	Enable Bulk Action Detection	Select this option to generate a Bulk Action Log if the defined events occurred a defined no. of times within a defined period.
	Send e-mail notification to	Select the person(s) who will receive an e-mail notification immediately when there are events that match the defined bulk action criteria.
	Importance	You can set the importance of the e-mail notification.
	Delivery Priority	You can set the delivery priority of the e-mail notification.
	Customize E-Mail Notification Message	Select this option if you want to customize the subject and content of the e-mail notification message.
	Add field	Allows you to select predefined reserved fields.
Export Specified Fields	Export Specified Fields	Select this option if you want to export the document fields (before and after values) to the log. Hence the values can be searched or exported for other application use. For Create Action, the specified fields will be stored and the fields would be named as "SCTCF_fieldname" in the log. For Delete Action, the specified fields will be stored and the fields would named as "SCTCF_fieldname" in the log. For Update Action, the specified fields will be stored and the before-value fields would be named as "SCTPF_fieldname" and the after-value fields would be named as "SCTCF_fieldname" in the log. The list of the specified fields will be stored as a "text list" in the field "ExportFieldList". For example, if the affected document has a field named "salary" and the value has been changed from "1000" to "2000". The SecurTrac log will contain: - a field named SCTPF_salary which stores the before-value "1000" - a field named SCTCF_salary which stores the after-value "2000" - a field named ExportFieldList which stores the field name "salary"
Export to XML(DXL)	Export the original document to DXL	Select this option if you want to enable the restore feature in SecurTrac. By enabling this option, SecurTrac will store the original document in DXL format whenever the document has been updated or deleted. In the Update/Delete log, there will be a "Restore" button to restore the document back to its previous version. Please note that the Lotus Notes client being used must at least be the same version or newer when compared the Domino server version. For example, a Lotus Notes 7 client will not be able to restore a document on a Domino 8 server. Note: This option applies to the Update/Delete action only.
Enablement	Disable the monitoring of document changes	If this field is checked, SecurTrac^TM will temporarily disable the monitoring of any document changes in the Domino Directory.

* Remarks: The Create / Update / Delete actions in the Domino Directory Monitor are associated with different types of documents including Person, Server, Group, Mail-in Database and Resource, Setup Profile, Configuration, Web Configuration, Program, Connection, Domain, External Domain Network Information and Certificate documents.

Monitor --> Design Tab:

Section	Field	Description
Design Elements	Select Design Elements to be logged	Select this option to log "All" design elements or "specify" which design elements should be logged.
Exception	Ignore Private View Change	Select this option to prevent logging of private View changes.
	Ignore Private Agent Change	Select this option to prevent logging of changes to private Agents
	Ignore Agent Data Change	Select this option to prevent logging of changes to shared Agents
	Ignore Hidden File Resource Change	Select this option to prevent logging if a Hidden File Resource has changed.
Notification	Mailing address	Select the person who will receive an e-mail notification immediately when this event occurs.
	Importance	You can set the importance of the e-mail notification
	Delivery Priority	You can set the delivery priority of the e-mail notification.
	Customize E-Mail Notification Message	Select this option if you want to customize the subject and content of the e-mail notification message.
	Add field	Allows you to select predefined reserved fields
Bulk Action Detection	Enable Bulk Action Detection	Select this option to generate a Bulk Action log if the defined events occurred a defined no. of times within a defined period.
	Importance	You can set the importance of the e-mail notification
	Delivery Priority	You can set the delivery priority of the e-mail notification.
	Send e-mail notification to	Select the person(s) who will receive an e-mail notification immediately when there are events that match the defined bulk action criteria.
	Customize E-Mail Notification Message	Select this option if you want to customize the subject and content of the e-mail notification message.
	Add field	Allows you to select predefined reserved fields
Export to XML(DXL)	Export the original Design element to DXL	Select this option if you want to enable the restore feature in SecurTrac. By enabling this option, SecurTrac will store the original design element in DXL format whenever it has been updated or deleted. In the Update/Delete log, there will be a "Restore" button to restore the design element back to its previous version. Please note that the Lotus Notes client being used must at least be the same version or newer when compared the Domino server version. For example, a Lotus Notes 7 client will not be able to restore a document on a Domino 8 server. Note: This option applies to the Update/Delete action only.
Enablement	Disable this monitoring of design changes.	If this field is checked, SecurTrac^TM will temporarily disable the monitoring of any design changes in the Domino Directory.

Monitor --> ACL Tab:

Section	Field	Description
ACL	Current Server ACL Information	Click this button to show the current ACL information for the selected database.
	Show all ACL entries	Select this option if you want to show all ACL entries in the log. If not selected, it will only show the modified ACL entries.
Exception	Don't generate log if there is no change in ACL	Select this option to prevent logging if there is no change in the ACL although an ACL profile update has been detected.
Notification	Mailing address	Select the person who will receive an e-mail notification immediately when this event occurs.
	Importance	You can set the importance of the e-mail notification
	Delivery Priority	You can set the delivery priority of the e-mail notification.
	Customize E-Mail Notification Message	Select this option if you want to customize the subject and content of the e-mail notification message.
	Add field	Allows you to select predefined reserved fields
Export to Domino XML(DXL)	Export the original ACL to DXL	Select this option if you want to enable the restore feature in SecurTrac. By enabling this option, SecurTrac will store the original Access Control List(ACL) in DXL format whenever it has been updated. In the ACL log, there will be a "Restore" button to restore the ACL back to its previous version. Please note that the Lotus Notes client being used must at least be the same version or newer when compared the Domino server version. For example, a Lotus Notes 7 client will not be able to restore a document on a Domino 8 server.
Enablement	Disable this monitoring of ACL changes	If this field is checked, SecurTrac^TM will temporarily disable the monitoring of any ACL changes in the Domino Directory.

Report Tab:

Section	Field	Description
Schedule	Run Frequency	Select the frequency of which the report is run. Daily, Weekly, Monthly.
	Run at time	Specify the time that the report should be run at.
	Days of week	Specify the days of the week that the report should run on.
Notification List	Mailing Address	Specify the mailing addresses of the people who should be notified of the reports.
	Importance	Specify the importance of the message.
	Delivery Priority	Specify the delivery priority of the message.
	Customize E-mail Notification Message	Option to customize the E-mail notification.
	Add field	Allows you to select predefined reserved fields
Enablement	Disable sending report	If this field is checked, SecurTrac^TM will temporarily disable the sending of any reports.

Administration Tab:

Section	Field	Description
Administration	Owner	Specify the owner of the monitor document.
	Administrators	Specify person(s) who can modify the current monitor document.
Settings Modification History	Date	Shows the date of modification for the current monitor document.
	Updated by	Shows the persons who have modified the current monitor document.

-------------------------------------------------------------------------------------------------------------------------------------------