GroupWise has no ability to track/audit GroupWise Administrative Changes - System Wide - with Sentinel or other event management tools. This is a real urgent requirement.
by: Leandra S. | over a year ago | Administration
Comments
Yes. Who did what when from where (IP address of admin browser session)
I particularly need to be able to see if a message retention flag was un-set on a mailbox (for example).
Even without directing them to a SIEM solution, we need a way to have the GW-Admin console log who logged in and from where.
To be able to track who made the changes that are logged in /var/log/novell/groupwise/gwadmin/gwadmin-console.log?
Usually only failed logins show in that file, and are a bit cryptic. A non-admin with correct credentials has the same report as a non-admin without correct password.
2016-11-15 13:11:50 GwAuthenticationProvider [ERROR] ***Failed to Login
**** No admin rights
Bogus IDs that don't exist in the system only show as failed login
2016-11-15 13:12:03 GwAuthenticationProvider [ERROR] ***Failed to Login
**** Not allowed
At least the user names of failed/blocked logins are shown in gwadmin-service.log, but we still can't tell who did what.
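An added example, not part of the original comment and not GroupWise code: a small Python parser that turns the failed-login entries quoted above into structured events that a log shipper could forward. It assumes the `****` line is a continuation of the preceding entry; `failed_logins` is a hypothetical name, and because these lines carry no user name or source address, the events hold only time, component and reason.

```python
import json
import re

# Header line as quoted in the comment above: timestamp, component, level, message.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<component>\S+) \[(?P<level>[A-Z]+)\] (?P<msg>.*)$"
)
# Reason text after a run of four asterisks; on the page it sits on the next line.
REASON = re.compile(r"\*{4}\s*(?P<reason>[^*]+?)\s*$")


def failed_logins(lines):
    """Yield one dict per 'Failed to Login' entry, with its reason if present."""
    event = None
    for raw in lines:
        line = raw.rstrip("\n")
        m = HEADER.match(line)
        if m:
            if event:
                yield event
            event = None
            if "Failed to Login" in m["msg"]:
                event = {"time": m["ts"], "component": m["component"],
                         "level": m["level"], "reason": None}
                r = REASON.search(m["msg"].split("Failed to Login", 1)[1])
                if r:  # reason on the same line (assumed unwrapped form)
                    event["reason"] = r["reason"]
        elif event and event["reason"] is None:
            r = REASON.search(line)
            if r:  # reason on a continuation line, as in the comment
                event["reason"] = r["reason"]
    if event:
        yield event


# The two entries quoted in the comment, used as sample input.
SAMPLE = """\
2016-11-15 13:11:50 GwAuthenticationProvider [ERROR] ***Failed to Login
**** No admin rights
2016-11-15 13:12:03 GwAuthenticationProvider [ERROR] ***Failed to Login
**** Not allowed
"""

if __name__ == "__main__":
    for ev in failed_logins(SAMPLE.splitlines()):
        print(json.dumps(ev))
```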
Reiterating this request: apparently, I have a help desk person un-setting the message retention flag on some mailboxes (which could get us in a boatload of legal trouble), but I cannot tell who is doing this. If I knew who was doing this, I could tell them to stop (or take away their administration rights).
This is totally needed, everything is now audited, why not GroupWise (more secure than Exchange)
Yes, it's a need.
Please add these auditing features.