In the most recent release of F-Response Enterprise (3.09.08.1) you will see we've included support for Audit logging.

"F-Response Enterprise now provides explicit audit logs for Login/Logout/Failed Login/Start/Stop operations on remote targets. Audit logs are found in the Application Event Logs of the F-Response License Manager."

So, what does this mean for the F-Response Enterprise customer?

Simply put, each time F-Response is started or stopped on a remote machine and entry will appear in the Event Logs on whichever machine is running the F-Response License Manager. Also, each time someone logs into or out of F-Response on a remote machine (regardless of platform) an entry will appear in the Event Logs on the License Manager machine.

Let me take a minute to answer a few of the most common questions surrounding F-Response Enterprise Audit Logging:

Q: I have noticed multiple log entries in the event log during a login (successful) why is that?

A: There are multiple phases that occur during an authentication to the remote F-Response target, each one of those successful event log entries corresponds to one of those phases.

Q. What about if I connect to a target from another machine using the iSCSI Initiator (Microsoft, Linux, or Apple)? Will an entry still show up in the Event Log on the License Manager machine?

A. Yes. That entry will also contain the IP address of the machine making the connection (iSCSI Initiator machine).

Q. Can I disable Audit Logging?

A. No, not at time time.

Hopefully this answers some of your questions regarding the newest Audit Logging capabilities of F-Response Enterprise. If not, or if you have additional questions please don't hesitate to contact us directly and we'll do our best to assist you.

Thanks, have a great day!

Warmest Regards,

M. Shannon, Founder

F-Response

June 28. 2010