SysAdmin users can change these settings.
The Configure Event Log Settings page displays.
Windows Event Logging
Audit log entries that report successful actions are entered as Information level events. Entries that report unsuccessful actions are entered as Error level events.
Although MOVEit Transfer can send audit entries directly to a remote Syslog server, other utilities are available for sending logs from local Event Logs to SysLog or SNMP management consoles. For more information, see SysLog and SNMP.
As SysAdmin, click SETTINGS > System > Auditing > Syslog. The Configure Syslog Settings page displays.
Note: In addition to editing this setting, a SysAdmin must configure a Syslog host, and optionally configure a Port to use for the connection (default = 514), and the Facility that audit messages appear as on the Syslog management console (default = FTP).
Syslog Logging.
Syslog Host. Host to which to send the entries.
Send Test Syslog Message. Sends a test message to specified host. Because the BSD Syslog implementation is based on UDP, the administrator must manually verify that the test message arrived at the remote Syslog management console.
Syslog Port (optional). Alternate port for the Syslog connection. If blank, it reverts to the default port.
Syslog Facility (optional). The facility under which the MOVEit Transfer Syslog messages will appear on the remote Syslog host.
SysLog is based on UDP (usually port 514) and is therefore a best efforts protocol because neither the client nor the server know whether SysLog messages are dropped by the network.
Audit log entries that report successful actions are entered as Information level events. Entries that report unsuccessful actions are entered as Error level events.
Example:
If the test is successful, a message similar to below should show up in the Syslog management console on the remote Syslog server:
As SysAdmin, click SETTINGS > System > Auditing > Syslog. The Set Error Display Settings page opens. Make a selection and click Change Setting.
Show System Error Messages.
For more information, see Exception Handling.
Normally, MOVEit Transfer records every failed signon attempt that happens on the system to the audit log. On some busy systems, large numbers of these records can make it difficult to search for other issues, and can slow down access to all audit log records. To alleviate this problem, you can prevent certain types of signon failures from being recorded in the log.
The Enable Logging of Extraneous Failed Signons page opens.
Log Insecure FTP Failed Sign-ons:
Insecure FTP Failed Signons occur when the server is configured to disallow all non-secure FTP signons. This is the default configuration of a MOVEit DMZ server. If a user attempts to sign on to the MOVEit Transfer FTP server before initiating a secure connection, the user will be disallowed, and a failed signon event will occur.
Note: This option does NOT prevent audit log records from being written if the MOVEit Transfer FTP server is configured to allow insecure access, but either the user's IP address or user account is prevented from using the insecure FTP interface.