SecurTrac FAQs

1. Are there any differences in tracking changes if the application is web enabled?
2. Can you have multiple configuration documents (monitors) for the same database?
3. How does SecurTrac™ secure itself?
4. How does SecurTrac™ handle replication?
5. What server resources are required and what is the server load?
6. How is the software licensed?
7. Can the reporting and alert notifications be sent to other people besides the network administrator?
8. What is the support policy?
9. Do I have to get alerts for all events or can I prepare reports with the log information?
10. Can I search for events and perform hunts?
11. What if I only want to track specific criteria such as email subjects – do I have to track everything or can I filter?
12. If I create detailed monitors and I want to delete them, do I lose all my work and have to recreate later?
13. If someone uses an external editor, such as Notepad, to edit the notes.ini, what happens?
14. Can I monitor SecurTrac™ Configuration document change?
15. Does SecurTrac support Domino clustered server?
16. Does SecurTrac support partition server?
17. What kind of administration client does SecurTrac™ support?
18. What OS platform does SecurTrac™ support?
19. What version of Domino server does SecurTrac™ support?
20. Will SecurTrac™ impose additional workload on your Domino server?
21. How are Adminp renames/updates recorded by SecurTrac™? Are changes made from a server-based agent signed by a particular user distinguishable from client updates by that user?
22. Can alerts be sent via a means other than e-mails?
23. Is a DSAPI filter used in SecurTrac?



1. Are there any differences in tracking changes if the application is web enabled?
 
Because SecurTrac™ runs on the server side and is hooked into the Domino core, it is concerned only with database updates, regardless of whether the changes come from Web or Notes clients. The same is true for Mail Monitoring: SecurTrac™ can log the mail whether it is sent from a Notes client, a web browser or an SMTP client (Outlook).
 
2. Can you have multiple configuration documents (monitors) for the same database?
 

Yes, you can have multiple monitors monitoring different actions. For example, if you want to log Open, Update, Delete and Create actions, but you don't want to get notified on any Open actions, you can configure two monitors. The first monitor will be logging all open activities to the document. The second monitor will log all update, delete and create actions and it can be configured to notify you of these actions.

 

 


Config1: Open -> Log only
Config2: Update, Delete and Create -> Log and Notify

 
3. How does SecurTrac™ secure itself?
 
The SecurTrac™ log and configuration databases are designed to be protected by Domino security. Access to these databases should be strictly limited to authorized parties, which is easily done by setting the Log database ACL properly. In addition, access to the SecurTrac™ Log and Configuration databases can be monitored by SecurTrac™ itself.

You can create the following two database monitors so that users who have been granted access cannot modify or delete the logs and monitors without it being recorded.
 
 


1) Monitor database "SecurTrac\Sctcfg.nsf"
Actions: create/update/delete/design/ACL
Set the following formula for the Criteria to Match:
Form != "FLogCollectorSetupDoc"
** Any update made to the database, by anybody, will be logged.
2) Monitor database "SecurTrac\Sctlog.nsf"
Actions: delete/design/ACL (**NO create, or SecurTrac™ will loop on its own log entries!!)

 

 

Even the administrator can’t change the log file without an entry being recorded.
The Administrator can change the design of the log database, but that action will be recorded as well.

 
4. How does SecurTrac™ handle replication?
 
There are two types of replication, client to server and server to server.
Case A: Client to Server
Suppose that the user has a replica of a database on a mobile notebook and replicates it with the server. SecurTrac™ will record the following actions:
 


- Open: Documents pulled from server to workstation (So, we know what documents were retrieved by user)
- Update: Document updates pushed from workstation to server (So, we know what documents were updated by the user)
- Delete: Document deletions pushed from workstation to server (So, we know what documents were deleted by the user)
- Create: Document creations pushed from workstation to server (So, we know what documents were created by the user)

In the Log,
Initiator = User Name, Action time = Time of Replication

Note: Because SecurTrac™ monitors on the server side, all log entries are based on changes to the server's copy of the database.
   
 
Case B: Server to Server
Suppose there are two servers, Server A and Server B. The user changes documents in the database replica on Server A, and the database is then synchronized between Server A and Server B. Because the changes were made directly in the database on Server A, SecurTrac™ on Server A logs exactly what happened (Open, Update, Delete and Create).
 


Initiator = User Name, Action time = Time of the Update
Last Update Person = Username, Last Update Time = Time of the update

   
When the changes are replicated from Server A to Server B, SecurTrac™ will record the following actions:
 


- Open: Documents pulled from Server B to Server A
- Update: Document updates pushed from Server A to Server B
- Delete: Document deletions pushed from Server A to Server B
- Create: Document creations pushed from Server A to Server B

  In the Log,
 


Initiator = Server A, Action time = Time of Replication
Last Update Person = Username, Last Update Time = Time of the update
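
As an added example (not part of SecurTrac™ or the original FAQ), the following Python code applies the Case B rules above to an exported log: when the Initiator is a server, the change is attributed to the Last Update Person at the Last Update Time, and a direct entry and its replication echo are collapsed into one change. The CSV layout, the Doc column, the timestamp format, the server names and all sample values are assumptions.

```python
import csv
import io
from datetime import datetime

# Assumption: the analyst supplies the names of the replicating servers.
KNOWN_SERVERS = {"ServerA/Acme", "ServerB/Acme"}

# Constructed sample export (all values invented). "Doc" is an assumed column.
SAMPLE_EXPORT = """Doc,Action,Initiator,Action time,Last Update Person,Last Update Time
D1,Update,Alice Wong/Acme,2024-03-01 09:15:00,Alice Wong/Acme,2024-03-01 09:15:00
D1,Update,ServerA/Acme,2024-03-01 09:30:00,Alice Wong/Acme,2024-03-01 09:15:00
D2,Delete,ServerA/Acme,2024-03-01 09:30:00,Bob Lee/Acme,2024-03-01 09:20:00
D3,Create,Bob Lee/Acme,2024-03-01 10:00:00,Bob Lee/Acme,2024-03-01 10:00:00
"""

def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def attribute(row):
    """Return (actor, time of the change, replicated?) for one log row."""
    if row["Initiator"] in KNOWN_SERVERS:
        # Server-to-server entry: Initiator is the pushing server and Action time
        # is the replication time; the real author is in the Last Update fields.
        return row["Last Update Person"], parse_time(row["Last Update Time"]), True
    return row["Initiator"], parse_time(row["Action time"]), False

def user_changes(export_text):
    """Collapse direct entries and their replication echoes into one change each."""
    changes = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        actor, when, replicated = attribute(row)
        key = (row["Doc"], row["Action"], actor, when)
        change = changes.setdefault(key, {
            "doc": row["Doc"], "action": row["Action"], "actor": actor,
            "when": when, "direct_entry": False, "replicated_by": [],
        })
        if replicated:
            change["replicated_by"].append(row["Initiator"])
        else:
            change["direct_entry"] = True
    return sorted(changes.values(), key=lambda c: c["when"])

if __name__ == "__main__":
    for c in user_changes(SAMPLE_EXPORT):
        print(c["when"], c["actor"], c["action"], c["doc"],
              "direct" if c["direct_entry"] else "replica only",
              c["replicated_by"])
```

A change flagged "replica only" means the merged export holds no direct entry for it, which usually indicates that the originating server's log was not included.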

 
5. What server resources are required and what is the server load?
 
SecurTrac™ requires at least 32MB of RAM resources in addition to the memory requirement for Domino server and at least 50MB hard disk space on the Domino server where the software resides. There are built-in housekeeping features that can archive the data and begin a new log. If there are a significant number of transactions, then additional storage is required. The server load of SecurTrac™ will depend on the number of monitors and transactions processed. A 10% server load is typical.
 
6. How is the software licensed?
 
SecurTrac™ is licensed on a per server basis. There is a license key for each server installation.
 
7. Can the reporting and alert notifications be sent to other people besides the network administrator?
 
SecurTrac™ permits the logs to be viewed by specified individuals. The notifications can also be sent to specified individuals. For example, there may be a human resources database that has a monitor configured. The alerts can be directed to a contact in the human resources department instead of the IT administrator.
 
8. What is the support policy?
 
SecurTrac™ has two maintenance plans – Maintenance and Maintenance Plus. These plans provide web, email and phone support. Maintenance Plus includes product upgrades. Please contact us for more details on pricing and details.
 
9. Do I have to get alerts for all events or can I prepare reports with the log information?
 
SecurTrac™ has logs that contain the information selected by the settings in the monitors. You do not have to enable alerts. All of the monitor information is processed into a Notes database file. It is easy to browse through the logs to view entries. Data can be exported into a spreadsheet or other program for reports. There is a ready-made reporting pack called Integra for SecurTrac, which allows for summarization of vital information and gives you in-depth analysis of the data gathered by SecurTrac.
 
10. Can I search for events and perform hunts?
 
The SecurTrac™ log database is a Notes database thereby allowing easy searching of events.
 
11. What if I only want to track specific criteria such as email subjects – do I have to track everything or can I filter?
 
The monitors offer various tabs that permit only specific items to be logged. For example, if the ACL of a database is to be monitored, then the monitor will only log that criteria. Often, companies want more specific items to be monitored. For example, a company may want to monitor email that has "Confidential" in the subject line. SecurTrac™ permits Notes formulas to be used to filter events so as to track and alert based on the criteria formulas.
 
12. If I create detailed monitors and I want to delete them, do I lose all my work and have to recreate later?
 
SecurTrac™ can easily enable or disable monitors. Perhaps a specific database is being tracked for a period. The monitor can be enabled and then disabled, should there no longer be a need for Tracking. All formulas and information in the monitor are saved and available should the monitor need to be enabled again.
 
13. If someone uses an external editor, such as Notepad, to edit the notes.ini, what happens?
 
SecurTrac™ will record the event and all the changes regardless of the editor being used. An alert will be sent out should that be configured.
 
14. Can I monitor SecurTrac™ Configuration document change?
Yes. The SecurTrac™ Configuration documents are stored in an ordinary Domino database on the server, so it can be monitored like any other database.
Steps:
1. Create a Database Monitor
2. Enter filename "SecurTrac\SctCfg.nsf"
3. Select the actions: Create, Update and Delete
4. Set the following formula for the Criteria to Match
Form != "FLogCollectorSetupDoc"
5. Select "All fields"
6. Save and Close the document.
 
15. Does SecurTrac™ support Domino clustered server?
 
Yes, SecurTrac™ supports Domino cluster environments.
 
16. Does SecurTrac™ support partition server?
 
SecurTrac works fine on partitioned servers, but the install and uninstall programs are not aware of partitioned servers. So, for partitioned servers, you have to run the setup program for each server. Please note that the SecurTrac program files (in the Domino directory) will be overwritten each time.
 
17. What kind of administration client does SecurTrac™ support?
SecurTrac™ can be administered by:
Lotus Notes R5/6/7/8/8.5 client
 
18. What OS platform does SecurTrac™ support?
 
SecurTrac™ currently runs on Windows 2000/2003/2008 server, SUN Solaris, AIX, OS/400 and Linux servers.
 
19. What version of Domino server does SecurTrac™ support?
 
SecurTrac™ can run on Lotus Domino server 5.x, 6.x, 7.x or 8.x.
 
20. Will SecurTrac™ impose additional workload on your Domino server?
 
Yes, SecurTrac™ is similar to other server add-on modules such as anti-virus programs. It will impose an additional workload to the server. However, SecurTrac™ is designed to be light and fast. The actual load depends on how much information you have selected to log.
 
21. How are Adminp renames/updates recorded by SecurTrac™? Are changes made from a server-based agent signed by a particular user distinguishable from client updates by that user?
 
Admin process activity is recorded as a server activity. The initiator field in the SecurTrac™ log will display the server id.

If a scheduled agent is run from the server, SecurTrac™ will log the activity as a server action, as shown in the initiator field of the SecurTrac™ log. The log entry will display the server id.

If the scheduled agent is run from the server but signed by a user id, SecurTrac™ will log the action as a user action. The initiator field in the SecurTrac™ log will show the user id that signed the scheduled agent.

 
22. Can alerts be sent via a means other than e-mails?
Because SecurTrac™ runs on the Domino server, Domino server add-ons can be configured to send an SMS or a page to the administrator if any suspicious activity occurs. Extracomm's ExtraFax can provide real-time SMS notification.
 
23. Is a DSAPI filter used in SecurTrac?
Yes, SecurTrac has used a DSAPI filter since version 2.4 to log the IP address of the remote web browser client.