Logging

rpittigh@...
Guest

Logging

Is it possible to lock the configuration on the clients so the users cannot make changes? I have created an INI file to push the wanted configuration, but the user can still open preferences and make changes beyond what we wanted.

martin
Site Admin

Re: Logging

It seems you will have to describe your use case in more detail.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall than for a client application.

Guest

Re: Logging

martin wrote:

It seems you will have to describe your use case in more detail.
Do you want your users to be able to connect with WinSCP only to pre-configured sites?
That's more a job for a firewall than for a client application.

I would like to lock the configuration so that users cannot change the log settings in particular. I would like to monitor everything that is transferred and not allow the users to disable that functionality. If it is also possible to disable all of the preferences, that is OK also. Yes, I am able to create an INI file or adjust the registry to push an initial configuration, but the end user is always able to change the settings.
If this is part of a "pay for" enterprise version, then I am also interested in that software.

martin
Site Admin

Re: Logging

All of that is a job for a server and/or a firewall, not for a client.

Guest

Re: Logging

martin wrote:

All of that is a job for a server and/or a firewall, not for a client.

That is true if the connection is not on the local network and is leaving the building. If I am trying to monitor and record all sessions that are on the local network, then no firewall will come into play. The server can be of a malicious nature and that is what I am trying to capture. I cannot pull the logs of a server if the server should not be on the network. I figured that by limiting the client so that it always creates logs in a particular shared location, it is easy to parse the logs with a cron job.
WinSCP does this but does not remove the ability to lock the configuration so no one can alter what and where it is logged.

martin
Site Admin

Re: Logging

Are you really fearing a malicious server on your local network?

Guest

Re: Logging

martin wrote:

Are you really fearing a malicious server on your local network?

Actually, I am trying to be compliant with the JSIG configuration guide: record and monitor all file transfers on a secure network. A rogue server can be another issue by an administrator and not an average user. We do use Ivanti endpoint protection for all activities other than network transfers.

martin
Site Admin

Re: Logging

I cannot imagine that the JSIG guide refers to logging on a client. That makes no sense. It would be quite difficult for you to set it up in a way that the user cannot circumvent that. A user can always use a different client or a script (e.g. PowerShell).

Anyway, this request has been added to the tracker:
https://winscp.net/tracker/1643
