Click here to expand

    Logon Settings

    Learn how to configure the following logon settings.

    • General: Learn how to configure CAPTCHA and block users after a certain number of invalid login attempts. 
    • Two-factor Authentication: Learn how to enable two-factor authentication for users logging into EventLog Analyzer.
    • Smartcard Authentication: Learn how to configure EventLog Analyzer to authenticate users through smart cards, bypassing other first-factor authentication methods.
    • External Authentication: Learn how to configure EventLog Analyzer to authenticate users through Active Directory and RADIUS server.

    General 

    Under the General tab of Logon Settings, you can configure the following.

    • CAPTCHA Settings
    • Block User Settings

    CAPTCHA Settings

    CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Login CAPTCHA serves as a security measure against bot-based brute force attacks. Enabling this setting will display a CAPTCHA image on the login page. End-users must enter the characters shown in the CAPTCHA image to log into the EventLog Analyzer web portal.

    You can configure whether to show CAPTCHA always or after a certain number of invalid login attempts. Apart from the CAPTCHA image, you can also enable Audio CAPTCHA.

    Steps to enable CAPTCHA:

    • Log into EventLog Analyzer as an administrator.
    • In the Settings tab, navigate to Admin Settings > Logon Settings > General.
    • Tick the Enable CAPTCHA on login page checkbox.
    • Select Always show CAPTCHA if you want users to go through CAPTCHA verification every time they login.
    • Select Show CAPTCHA after invalid login attempts if you want only those users who failed at login to go through the CAPTCHA verification process.
    • Enter the number of invalid login attempts after which the CAPTCHA verification should appear.
    • Enter the threshold (in minutes) to reset the invalid login attempts. After the specified duration, the invalid login attempts will be reset.
    • Select Enable Audio CAPTCHA to assist visually impaired users.
    • Note: When Audio CAPTCHA is enabled, only digits will be shown in the CAPTCHA image. If a browser doesn't support audio CAPTCHA, then the default CAPTCHA image (with letters and digits) will be shown.
    • Click Save Settings.

    Block User Settings

    Using this option you can block users from accessing EventLog Analyzer after a certain number of invalid login attempts for a defined duration. A blocked user cannot log into EventLog Analyzer until the threshold for reset is reached.

    Steps to block users:

    • Log into EventLog Analyzer as an administrator.
    • In the Settings tab, navigate to Admin Settings > Logon Settings > General.
    • Select the Block user after invalid login attempts checkbox.
    • Set the number of invalid login attempts after which users should be blocked and the number of minutes the user should be blocked by entering the appropriate values in the given fields.
    • Set the threshold (in minutes) to reset the invalid login attempts. After the specified duration, the user will be allowed to attempt login.
    • Click Save Settings.

    Two-Factor Authentication

    To strengthen logon security, EventLog Analyzer supports two-factor authentication (TFA).

    If TFA is enabled, EventLog Analyzer will require its users to authenticate using one of the following authentication mechanisms in addition to Active Directory or RADIUS authentication.

    Note: As a preventive measure against lockout, it has been made possible for an administrator to skip two-factor authentication during logon.

    Setting up Two-factor Authentication

    To enable two-factor configuration,

    • Login to EventLog Analyzer as an administrator.
    • Move to the Settings tab and click Admin Settings > Logon Settings.
    • Switch the Two-factor Authentication toggle button to the Enabled position.
    • Click on the authentication mechanism of your choice and enter the necessary details.
    Note: If multiple authentication options are enabled, the user will be asked to choose one at the time of logging in.

    Email Verification

    When email verification is enabled, EventLog Analyzer sends a verification code to the configured email address. That verification code would need to be entered to successfully login.

    To configure email verification as the second authentication mechanism,

    • Click the Enable Email Verification check box to enable it.

    • Enter the subject and body of the email containing the verification code.

    • Set the priority of the mail according to your requirement.

    • Click the Macros button at the bottom to include them in the email.

    • Click Save to save the email verification settings.

    SMS Verification

    When SMS verification is enabled, EventLog Analyzer sends a verification code via SMS to the configured mobile number. That verification code would need to be entered to successfully login.

    To configure SMS verification as the second authentication mechanism,

    • Click the Enable SMS Verification check box to enable it.

    • Enter the body of the message containing the verification code.

    • Click the Macros button at the bottom to include them in the SMS.

    • Click Save to save the email verification settings.

    Google Authenticator

    When verification via Google Authenticator is enabled, a six-digit security code will be generated in the Google Authenticator application in the configured mobile. This code would need to be entered to successfully login.

    To configure Google Authenticator as the second authentication mechanism,

    • Click the Enable Google Authenticator button.

    • Enroll for two-factor authentication using the Google Authenticator application. For setting up Google Authenticator, go to Google Authenticator setup.
    Note: Ensure that the client time and device (mobile) time are syncronized.

    RSA SecurID

    When verification via RSA SecurID is enabled, the security codes generated by the RSA SecurID mobile app, hardware tokens, or tokens received via mail or SMS would need to be entered to successfully log in.

    To configure RSA SecurID as the second authentication mechanism,

    • Login to your RSA admin console.
    • Navigate to Access >Authentication Agents and click Add New.
    • Add the EventLog Analyzer server as an authentication agent and click Save.
    • Navigate to Access > Authentication Agents and click Generate Configuration File.
    • Download AM_Config.zip (Authentication Manager config) and extract sdconf.rec from the ZIP file.

    • In the EventLog Analyzer two-factor authentication menu, select the Enable RSA SecurID check box.

    • Click Browse and select the sdconf.rec file.
    • Click Save to save the configuration.

    Duo Security

    When verification via Duo Security is enabled, a six-digit security code will be generated in the Duo Security application in the configured mobile. This code would need to be entered to successfully login.

    Note: Ensure that the server time and internet time are syncronized.

    To configure Duo Security as the second authentication mechanism,

    • Login to your Duo Security account or sign up for a new one and login. For self enrollment steps, go to Duo Self Enrollment.
    • Go to Applications and click Protect an Application.
    • Search for Web SDK and click Protect this Application.
    • Note the Integration Key, Secret Key, and API Hostname.
    • In the EventLog Analyzer two-factor authentication menu, select the Enable Duo Security check box and enter the noted down values in appropriate fields.
    • Click Save to save the configuration.

    Backup Verification Codes

    As a backup mechanism against user lockout because of two-factor authentication failure, EventLog Analyzer has backup verification codes. Each user can generate a set of backup verification codes, which will have five, and use one code each time they are unable to login by authenticating using the configured mechanism.

    To allow users to login using backup verification codes, enable the Backup Verification Code check box.

    To generate backup verification codes, go to Two-factor Authentication in My Account.

    Managing Enrolled Users

    As an admin, you can view the authentication method users have enrolled for and also remove users’ enrollment for two-factor authentication. To manage enrolled users,

    • In the Settings tab, navigate to Admin Settings > Logon Settings.
    • Click Enrolled Users at the bottom of the authentication mechanisms list to view the list of users enrolled for two-factor authentication and the authentication method they have chosen.
    • To remove a user, select the user and click the delete icon.

    Managing Account Two-factor Authentication

    To manage the two-factor authentication settings of the logged in account, check Manage Account TFA.

    Smart card Authentication

    If you have a smart card authentication system enabled in your environment, you can configure EventLog Analyzer to authenticate users through it, bypassing other first-factor authentication methods.

    This feature provides an additional authentication option for EventLog Analyzer login by enabling the use of smart cards/PKI/certificates to grant access to the tool. Smart card authentication strengthens the security further because getting access to EventLog Analyzer shall then require the user to possess the smart card and know the personal identification number (PIN) as well.

    Steps to configure smart card authentication settings:

    • Login to EventLog Analyzer as an administrator.
    • SSL port must be enabled for configuring smart card authentication settings. To check your SSL port settings, select the Settings tab and navigate to System Settings > Connection Settings > General Settings. If not enabled already, select the checkbox against Enable SSL [HTTPS], and specify the port number in the field. Click Save.
    • In the Settings tab, navigate to Admin Settings > Logon Settings > Smart Card Authentication.
    • Click the +Add a New Smartcard button at the top-right corner of the screen.
    • In the Import CA Root Certification field, click Browse and import the required Certification Authority root certification file from your computer.
    • In the Mapping Attribute in Certificate field, specify the certificate attribute for mapping.
    • The user details need to be mapped between the smart card certificate and the EventLog Analyzer database. This denotes that the attribute in the smart card certificate that uniquely identifies the user should match with the corresponding value in the EventLog Analyzer user database. This mapping involves specifying which attribute in the certificate should be taken up for comparison with which attribute in EventLog Analyzer user store.
    • EventLog Analyzer provides the flexibility to specify any attribute of the smart card certificate that you feel uniquely identifies the user in your environment. You may choose any attribute among SAN.OtherName, SAN.RFC822Name, SAN.DirName, SAN.DNSName, SAN.URI, email, distinguishedName, and CommonName. In case if any other attribute is used to uniquely identify the user in your environment, contact EventLog Analyzer support to add that attribute.
    • In the Mapping Attribute in AD field, specify the LDAP attribute that should be matched with the specified certificate attribute. Here you need to specify the particular LDAP attribute that uniquely identifies the user in EventLog Analyzer user store, e.g., sAMAccountName. During authentication, EventLog Analyzer reads the value corresponding to the certificate attribute that you specified in Mapping Attribute in Certificate and compares it with the specified LDAP attribute in Mapping Attribute in AD.
    • In the Linked Domains field, select the appropriate domains from the drop-down menu.
    • Click Save.

    After you have added a smart card for authentication, you can perform any of the following functions:

    Edit a configured smart card

    To edit a configured smart card, follow the steps given below:

    • In the Settings tab, navigate to Admin Settings > Logon Settings > Smart Card Authentication.
    • Click the Edit icon located in the Action column of the particular smart card.
    • Modify the settings you wish to change.
    • Click Save.

    Enable/Disable a smart card

    To enable/disable a configured smart card, follow the steps given below:

    • In the Settings tab, navigate to Admin Settings > Logon Settings > Smart Card Authentication.
    • To enable/disable a configured smart card, click on the Enable/Disable icon located in the Action column of the particular smart card.

    Delete a configured smart card

    To delete a configured smart card, follow the steps given below:

    • In the Settings tab, navigate to Admin Settings > Logon Settings > Smart Card Authentication.
    • Click the corresponding Delete icon corresponding to the smart card which you wish to delete.
    • Click Yes to confirm the deletion.

    Enabling external authentication

    Technicians can logon to EventLog Analyzer with their Active Directory and RADIUS server credentials.

    Steps to enable Active Directory authentication in EventLog Analyzer

    • Navigate to Settings → Admin Settings → Logon Settings.
    • Click on the External Authentication tab.
    • Under the Active Directory section, you will see the Enable Active Directory Authentication button.
    • Click on the button to enable all the users imported from Active Directory to logon to EventLog Analyzer using their domain credentials.

    Steps to enable RADIUS server authentication in EventLog Analyzer

    • Navigate to Settings → Admin Settings → Logon Settings.
    • Click on the External Authentication tab.
    • Click on the RADIUS server section.
    • Select the Enable RADIUS server Authentication check box.
    • Enter the RADIUS server IP and the Authentication port number.
    • Choose the authentication protocol from the Protocol drop-down menu.
    • Enter the RADIUS shared secret password in the RADIUS server secret field.
    • Specify the maximum number of authentication attempts that can be made from the Automatic Retries drop-down menu.
    • Click on Save to enable the users to logon to EventLog Analyzer by authenticating with the configured RADIUS server.

    On this page

    Get download link