Domain Server – Audit

Summary #

As a Domain Admin, you own and control your own data. The best way to meet some legal/regulatory compliance requirements is to run your own Domain Server. If you are operating a Domain Server for your users a certain set of user activity involving the Domain Server can be logged in a special log file for audit purposes. To learn how to install your own Domain Server on Linux, see How to Install Gabriel on Linux. Once you have installed Gabriel on Linux, you can provision it as a Domain Server on the admin portal, here

Before activities are saved to the audit file, “Audit” needs to be set to be ‘Enabled’ in your Domain Policy. Additionally, you should also consider locking your Domain Server (in your Domain Policy) so all of your users are required to use the your server.

New Secure Domain Names will have audit enabled by default. However, if audit is disabled, log into and update your ‘Domain Policy’.

Once Audit is enabled you can toggle audit on and off for individual secure applications on the “Services” tab. For example:

Audit is ENABLED for Secure Share

GabrielAudit.log Details #

  • Location: /home/gabriel/.gabriel/audit/
    • This location can be changed by editing the HKCU_Registry.ini file. (Software\VirnetX\Gabriel Connection\AuditPath)
  • Events Logged: Following events will be logged to the audit file when a user accesses a Domain Server involving following features
    • SecureMail : Reading unread emails, Moving emails to ‘Trash’ folder and emptying ‘Trash’ folder
    • SecureShare : Creating, Deleting, Moving and renaming shares. Users accessing a file or a SecureShare, retrieving a list of SecureShare, trying to access a SecureShare users don’t have access to or trying to access an invalid SecureShare path or users trying to download a file from a SecureShare they don’t have download access to.
    • SecureGateway : Creating and Deleting a SecureGateway, Adding/Removing access.
    • SecureSync : Syncing files to/from Domain Server to another device.

Audit & Secure Mail, Secure Messaging (Conversation History) #

If you are operating a Domain Server, Secure Mail and Secure Messaging history is always saved for backup and syncing purposes. Your Domain Server contains the master copy of this data. When users activate a new device, your Domain Server will automatically send them their recent conversations and mail.

When Audit is enabled for Secure Messaging, users will not be able to go “Off the Record” in while in conversations. Additionally, all ‘Conversation History’ options on the Gabriel client will be locked/disabled.

Learn more about Secure Mail and Secure Messaging.

More Help #

If you are not sure where your HKCU_registry.ini or GabrielAudit.log files are, you can find them using the Linux command:

sudo find /home/ -name HKCU_registry.ini
sudo find /home/ -name GabrielAudit.log

Powered by BetterDocs

Theme: Overlay by Kaira