08-02-2011 9:56 PM
We have our FF system set up to send out a log report each night to the Controllers. If someone logs into their FFID and then immediately exits back out without doing anything, will the nightly email job (pgm /virsa/zvfat_log_report) report this FF session?
We are on GRC 5.3 SP13.
Thanks.
08-03-2011 6:13 AM
Hi Bob,
Firefighter will have 3 types of logs:
1. Session
2. Transaction
3. Change data.
The answer for your question is a big Yes.
The FF session (Login/Logout) report will be still sent even though user hasn't performed any thing. However, if user executes any transactions, it will be captured by the transaction log.
Change data is when any changes made to the configuration.
Hope this clarifies.
Regards,
Raghu
08-04-2011 6:55 PM
This appears to not quite be correct, at least not for our version. I've done some testing and it depends on what the user does before they exit back out.
If they log into FF and hit the 'Start SAP EasyAccess' button before they exit, then it generates a record for the SMEN transaction and it will report this.
However if they log into FF and immediately exit out, then it doesn't generate any transaction record and doesn't report this.
It appears that you have to do something (hit a button, enter a transaction, etc.) to get reported.
Thanks.
08-08-2011 3:26 PM
Bob,
You are correct. The log will only generate for actual activities performed. If nothing was done, then nothing will be reported.
I did encounter an example of this whereby an auditor requested positive evidence where the FFID was assigned but never used.
The client ended up trawling through SUIM and the audit event logs to prove the lack of FFID logon before finally convincing the auditor to accept the completeness of the SPM Log for any positive actions performed. They took the view that if they logged in without performing anything, then a risk was never actually realised anyway.
Simon