en dysant audit log

Data monitoring and security for Lotus Domino platform

Upload: wojciech-kroczak

Post on 03-Aug-2015


Page 1: En Dysant Audit Log

Data monitoring and security for Lotus Domino platform

Page 2: En Dysant Audit Log

1. What is AuditLog, really?
2. How does it work?
3. Why is it so special?
4. How can it be used?
5. Summary

Page 3: En Dysant Audit Log

AuditLog monitors changes made to Domino databases while they are in use.

What does that mean?

Let's say we have four types of "objects" in a Domino environment:

- Databases
- Documents in databases
- ACLs
- Databases' source code

AuditLog monitors and records anything that we (users, administrators, developers) can do to these objects!

Page 4: En Dysant Audit Log

So when you create, open, modify or delete any of those objects, AuditLog creates a corresponding log entry in the logs database.

Page 5: En Dysant Audit Log

AuditLog is a kind of Domino server "plug-in", written in C/C++, that has one job to do: to listen for and log predefined Domino server "sounds".

Those sounds can be:

- A new document in a mail database with the address [email protected] in the "To:" field
- John Smith/Company opens the CRM database
- Any authorized user modifies the CRM database's ACL

When an object is modified, AuditLog captures and records all before and after values.

Page 6: En Dysant Audit Log

So let's show it graphically.

We have a Domino server, databases on it, and users working with those databases.

At the very beginning AuditLog is dumb.

We configure it to listen for the sounds mentioned previously.

When a predefined sound occurs, AuditLog creates a corresponding log entry in the logs database and optionally sends a notification to selected users.

Page 7: En Dysant Audit Log

- It needs no database source code modification to start monitoring any kind of change in any database
- You can start monitoring hundreds of databases right now
- You can monitor even those databases whose source code is secured
- You can monitor not only changes to single documents but also changes made to the database itself, its permissions or even its schema

Page 8: En Dysant Audit Log

You want to be notified about any e-mail message your employee John Smith sends to your client, the LotusWise company.

All you have to do is configure a Document Monitor in the AuditLog Configuration database, where you select:

- Database to be monitored: John Smith's mail database
- Event to be monitored: Create (any new document)
- Condition: the word LotusWise in any of the "To:, Bc:, Bcc:" fields of the message form
- Person to be notified: yourself

Page 9: En Dysant Audit Log

You want to be notified about any modification made to a Lead document in the CRM database where the Price field is greater than 50.000 EUR.

All you have to do is configure a Document Monitor in the AuditLog Configuration database, where you select:

- Database to be monitored: CRM database
- Event to be monitored: Modification
- Condition: monitor all fields if the value in the "Price" field is > 50.000
- Person to be notified: yourself

The log entry for such a change will contain both the before and the after value.

Page 10: En Dysant Audit Log

You want to know who opens the KnowledgeStorm database, how often and when.

All you have to do is configure a Database Monitor in the AuditLog Configuration database, where you select:

- Database to be monitored: KnowledgeStorm
- Event to be monitored: Open
- Condition: no condition, every opening is to be captured
- Person to be notified: nobody (you will just review the created logs at the end of the day)

You can export the logs to any relational database to analyze them.

Page 11: En Dysant Audit Log

You want to know who deletes privileges for the ISO database, and when.

All you have to do is configure an ACL Monitor in the AuditLog Configuration database, where you select:

- Database to be monitored: ISO
- Event to be monitored: Delete
- Condition: no condition, every deletion is to be captured
- Person to be notified: nobody (you will just review the created logs at the end of the day)

The logs database will also contain the ACL value from before the deletion.

Page 12: En Dysant Audit Log

You want to know which developer introduces faulty code into your new project, "Business trip requests management" (BTRM).

All you have to do is configure a Schema Monitor in the AuditLog Configuration database, where you select:

- Database to be monitored: BTRM
- Event to be monitored: Create, Modify, Delete
- Condition: no condition, every source code event will be captured with before and after value, date and author
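The monitor definitions on the preceding slides all share one shape: a database, an event, an optional condition and an optional person to notify. The sketch below is an added illustration, not AuditLog's code or configuration format; it models the Price rule and the ACL deletion rule over constructed events, and the class, function and file names in it are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Monitor:
    kind: str                  # "document", "database", "acl" or "schema"
    database: str              # database to be monitored
    events: frozenset          # events to be monitored
    condition: Optional[Callable[[dict], bool]] = None  # None: log every event
    notify: Optional[str] = None                        # None: log only

def field_changes(before, after):
    """Return {field: (before, after)} for every value that differs."""
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}

def audit(monitors, events):
    """Match events against monitors and return the log entries produced."""
    log = []
    for kind, db, action, user, when, before, after in events:
        for m in monitors:
            if (m.kind, m.database) != (kind, db) or action not in m.events:
                continue
            # Assumption: the condition is tested on the new state, or on
            # the old state when nothing is left (a delete).
            if m.condition and not m.condition(after or before):
                continue
            log.append({"who": user, "when": when, "database": db,
                        "action": action, "notify": m.notify,
                        "changes": field_changes(before, after)})
    return log

# Constructed sample data: file names, users and timestamps are made up.
MONITORS = [
    Monitor("document", "crm.nsf", frozenset({"modify"}),
            lambda d: d.get("Form") == "Lead" and d.get("Price", 0) > 50000,
            notify="you"),
    Monitor("acl", "iso.nsf", frozenset({"delete"})),
]
EVENTS = [  # (kind, database, action, user, when, before, after)
    ("document", "crm.nsf", "modify", "John Smith/Company", "2015-08-03T10:15",
     {"Form": "Lead", "Price": 48000}, {"Form": "Lead", "Price": 52000}),
    ("document", "crm.nsf", "modify", "John Smith/Company", "2015-08-03T10:20",
     {"Form": "Lead", "Price": 900}, {"Form": "Lead", "Price": 950}),
    ("acl", "iso.nsf", "delete", "Admin/Company", "2015-08-03T11:00",
     {"Jane Doe/Company": "Editor"}, {}),
]
if __name__ == "__main__": print(*audit(MONITORS, EVENTS), sep="\n")
```

Only the first and third events produce log entries; the second modification stays below the Price threshold and is ignored.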

Page 13: En Dysant Audit Log

- Understand who is doing what to your data and when
- Monitor your database activity without application modification
- Capture, store and report changes in documents, databases, permissions and schemas
- Receive instant notifications when key database events occur
- Store all audit data in a central repository for easy management and reporting
- Comply with the audit, security and governance requirements of 21 CFR Part 11, HIPAA, Sarbanes-Oxley, Basel II and the US Patriot Act

Page 14: En Dysant Audit Log