So we have been asked to perform login monitoring for Hyperion apps as part of HIPAA compliance. We are looking for:
1. Suspicious login activities.
2. Daily report of failed authentications.
Our plan is to set up a third-party listener on the Hyperion server (on which it is installed) which will capture the Hyperion security log files and send them to a third-party monitoring software. That will monitor the logs for any suspicious activity.
I have two questions:
1. Since we need to constantly monitor the log file, I was thinking of using the "SharedServices_Security.log" from the location below, but it is not showing the most recent activity.
Component: Shared Services
Log location: MIDDLEWARE_HOME/user_projects/domains/EPMSystem/servers/FoundationServices0/logs
Log files:
- SharedServices_Admin.log – Applications Groups management activity
- SharedServices_Audit.log – Audit server errors while reading/writing audit information to the database or while configuring auditing
- SharedServices_Audit_Client.log – Information about the audit client
- SharedServices_CMSClient.log – Metadata Service client activity
- SharedServices_Hub.log – Shared Services listener and initialization activity
- SharedServices_ImportExport.log –
- SharedServices_LCM.log – Lifecycle Management activity when it is run from EPM Workspace
- SharedServices_Registry.log – Shared Services Registry activity
- SharedServices_Security.log – User management, provisioning, authentication, and single sign-on activity
- SharedServices_TaskFlow.log – Information about Taskflows
2. The other question is: is there a way to send 'security audit reports' from Shared Services to the monitoring tools automatically?
I would appreciate any help, guys.