Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Logging

I cannot imagine that JSIG guide refers to logging on a client. That makes no sense. It would be quite difficult for you to set it up in a way that the user cannot circumvent that. User can always use a different client or a script (e.g. PowerShell).

Anyway, this request has been added to the tracker:
https://winscp.net/tracker/1643
Guest

Re: Logging

martin wrote:

Are you really fearing a malicious server on your local network?


Actually I am trying to be compliant with the JSIG configuration guide. Record and monitor all file transfers on a secure network. A rouge server can be another issue by an administrator and not a average user. We do use Ivanti end point protection for all activities other then network transfers.
martin

Re: Logging

Are you really fearing a malicious server on your local network?
Guest

Re: Logging

martin wrote:

All of that is a job for a server and/or a firewall, not for a client.


That is true if the connection is not on the local network and is leaving the building. If I am trying to monitor and record all sessions that are on the local network then no firewall will come into play. The server can be of a malicious nature and that is what I am trying to capture. I can not pull the logs of a server if the server should not be on the network. I figured that limiting the client that always creates logs in a particular shared location then it is easy to parse the logs with a cron job.
WinSCP does this but does not remove the ability to lock the configuration so no one can alter what and where it is logged.
martin

Re: Logging

All of that is a job for a server and/or a firewall, not for a client.
Guest

Re: Logging

martin wrote:

It seems you will have to describe your use case into more details.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.


I would like to lock the configuration so that users can not change the log settings in particular. I would like to monitor everything that is transferred and not allow the users to disable that functionality. If it is also possible to disable all of the preferences, that is OK also. Yes I am able to create a ini file or adjust the registry to push a initial configuration but the end user is always able to change the settings.
If this is part of a "pay for" enterprise version then I am also interested in that software.
martin

Re: Logging

It seems you will have to describe your use case into more details.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall, than for a client application.
rpittigh@...

Logging

Is it possible to lock the configuration on the clients so the users can not make changes? I have created a ini file to push the wanted configuration but the user can still open preferences and make changes beyond what we wanted.