Example: How to Detect Who Opened a Session
Bob has left the company. However, it is suspected that his Notes ID file is still being used. The Notes administrator creates an Intrusion Detection Monitor to find out when Bob's user id will attempt to access the Domino Server
To create an Intrusion Detection Monitor for the above case:
- Open the SecurTrac Configuration Database (SCTCFG.NSF).
- In the left pane, select .
- Click the button on the action bar.
- In the section of the 'Basics' tab', select 'All in the domain'.
- In the section of the 'Basics' tab', select 'Central Log Database'.
- In the click the pre-defined event list and select "New User Session"
- In the 'Event Description' field, a description will automatically be added.
- In the 'Event Wording' field, the required syntax will automatically be added.
- In the section on the 'Administration' tab, specify the Owner and Administrators for the monitor. Either type in user name directly or look-up from the Domino Directory. (To type in user names, multiple entries are allowed ONLY for the 'Administrators' field. You should separate the entries by using a comma ' , '.).
- Click the button at the top of the form to save the configuration and to activate the Intrusion Detection monitor.
To view the log in Intrusion Detection Monitor for the above case:
- Open the SecurTrac Central Log Database (SCTLOG.NSF).
- In the left pane, select .
- In the right side pane, a list of intrusion detection logs will be shown. These logs are sorted by date and time.
- See if there is any event log beginning with "New User Session ".
- Double click the event log to see the details of the log.
-------------------------------------------------------------------------------------------------------------------------------------------