2020 R1Archive
  • All Files

This page is not yet available in your language.

Monitor logs in the VMS for signs of suspicious activity

XProtect VMS provides features for generating and viewing logs that provide information about patterns of use, system performance, and other issues.Milestone recommends that you monitor the logs for signs of suspicious activities.

There are tools that leverage logs for operational and security purposes. Many businesses use syslog servers to consolidate logs. You can use syslog to note activities at a Windows level, however, XProtect VMS does not support syslog.

Milestone recommends that you use the Audit Log in XProtect VMS, and enable user access logging in Management Client. By default, the Audit Log notes only user logins. However, you can turn on user access logging so that the Audit Log notes all user activities in all of the client components of XProtect VMS products. This includes the times of the activities and the source IP addresses.

The client components are XProtect Smart Client, Web Client, the XProtect Management Client component, and integrations made by using the MIP SDK. Examples of activities are exports, activating outputs, viewing cameras live or in playback, and so on.

The Audit log does not note unsuccessful login attempts, or when the user logs out.

Logging all user activities in all clients increases the load on the system, and can affect performance.

You can adjust the load by specifying the following criteria that controls when the system will generate a log entry:

  • The number of seconds that comprise one sequence. The VMS generates one log entry when a user plays video within the sequence.
  • The number of frames that a user must view when playing back video before the VMS generates a log entry.

To turn on and configure extended user access logging, follow these steps:

  1. In Management Client, click Tools, and select Options.
  2. On the Server Logs tab, under Log settings, select Audit Log.
  3. Under Settings, select the Enable user access logging check box.
  4. Optional: To specify limitations for the information that is noted, and reduce impact on performance, make selections in the Playback sequence logging length and Records seen before logging fields.

To view the Audit Log in XProtect VMS, follow these steps:

  1. Open Management Client.
  2. Expand the Server Logs node.
  3. Click Audit Log.

Learn more

The following control(s) provide additional guidance:

  • NIST SP 800-53 AU-3 Content of Audit Records
  • NIST SP 800-53 RA-5 Vulnerability Scanning
  • NIST SP 800-53 AU-6 Audit Review, Analysis and Reporting