
System Activity


The System Activity monitor keeps track of various system processes, such as upgrades, and, more importantly, the IP address from which the upgrade was run. This helps your organization fulfill Requirement 10 in the PCI DSS Cross Reference/Index, which requires you to track and monitor all access to network resources and cardholder data. Logging mechanisms and the ability to track user activities are critical for effective forensics and vulnerability management. The presence of logs in all environments allows thorough tracking and analysis if something goes wrong. Determining the cause of a compromise is very difficult without system activity logs.

For more on the PCI DSS Cross Reference/Index, click here.

For more on Requirement 10 of PCI Compliance, click here.

The System Activity monitor is accessed from the Setup >> System Activity menu.





The System Activity window will open.



Enter the date range for which you wish to examine the logs.




Parts of the System Activity Window

Prints a report of the log file.
Exports the log file to either a text file or Excel.
Date
Date the particular activity took place.
IP Address
The IP address from where the activity was requested.
Type
The System Activity Record Type
  • Upgrade Routine Progress Types:
    • 7: Upgrade Routine Progress
    • 9: Started Database Upgrade
    • 10: Finished Database Upgrade Messages
  • Used in Version 6 for Database Management:
    • 11: Asked to Verify Database
    • 12: Verify Successful
    • 14: Verify Database Problems
    • 15: User Not Allowed To Verify
    • 16: Transaction File Created (perhaps it shouldn't be)
    • 20: User Added Events to the Database
    • 30: Start the Web Listener
    • 31: Stop the Web Listener
    • 32: Shut Down for Backups
    • 33: Restarted After Backups
    • 40: Unable to Find Accounts
    • 50: Expand Database Entered, Not Executed
    • 51: Database Expanded
    • 52: User Asked During Startup
    • 53: User Informed During Startup, Not Allowed
    • 54: Database Rebuild Request Started
    • 55: Database Rebuild Request Finished (If not in database, should never be in live database)
  • Others not appearing in the list:
    • 1: Invariant Key Check - Database Management
    • 17: Check Data Log - Database Management
    • 41: User Changed Database - Employee Management
    • 60: Ping Error for Credit Card Server - System Startup Management
Note
Description of the activity.
Count
Is a generic/multi-purpose field:
  • Type 9: Used to track the number of times the Database Upgrade has been started by multiple workstations
  • Type (others): Not used at this time.
Entered
Date and Time the activity was initiated.
Updated
Date and Time the activity was completed.
Changed By
Log on name of the employee (if known) initiating the activity.
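
As an added example (not part of the product or its documentation), the script below reviews an exported System Activity log using the fields and record types listed above. It assumes the text export is tab-delimited with a header row named after the window's columns; that layout, the sample records, the grouping of types into "denied" and "problem", and the list of expected upgrade addresses are all assumptions of this example.

```python
import csv
import io

# Record type numbers and names are taken from the Type list on this page.
TYPE_NAMES = {
    9: "Started Database Upgrade",
    14: "Verify Database Problems",
    15: "User Not Allowed To Verify",
    53: "User Informed During Startup, Not Allowed",
    60: "Ping Error for Credit Card Server",
}
DENIED = {15, 53}    # refused actions (grouping chosen for this example)
PROBLEM = {14, 60}   # failures worth a follow-up (grouping chosen for this example)

# Assumed export layout: tab-delimited, header row named after the window's columns.
HEADER = ["Date", "IP Address", "Type", "Note", "Count", "Entered", "Updated", "Changed By"]
ROWS = [  # constructed sample records, not real log data
    ["2024-03-02", "10.0.0.15", "9", "Upgrade started", "1", "2024-03-02 09:00", "2024-03-02 09:00", "admin"],
    ["2024-03-02", "10.0.0.15", "10", "Upgrade finished", "0", "2024-03-02 09:00", "2024-03-02 09:12", "admin"],
    ["2024-03-05", "10.0.0.77", "15", "Verify refused", "0", "2024-03-05 14:31", "2024-03-05 14:31", "jsmith"],
    ["2024-03-06", "10.0.0.42", "9", "Upgrade started", "3", "2024-03-06 22:05", "2024-03-06 22:05", ""],
    ["2024-03-06", "10.0.0.20", "60", "Ping failed", "0", "2024-03-06 22:40", "2024-03-06 22:40", ""],
]
SAMPLE = "\n".join("\t".join(r) for r in [HEADER] + ROWS) + "\n"

def review(export_text, upgrade_ips):
    """Return (finding, ip, user, type name) tuples for records needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        rtype, ip = int(row["Type"]), row["IP Address"]
        who = row["Changed By"] or "(unknown)"   # Changed By is only filled in if known
        name = TYPE_NAMES.get(rtype, f"type {rtype}")
        if rtype in DENIED:
            findings.append(("denied", ip, who, name))
        elif rtype in PROBLEM:
            findings.append(("problem", ip, who, name))
        elif rtype == 9:
            if ip not in upgrade_ips:        # upgrade run from an unexpected address
                findings.append(("upgrade-unexpected-ip", ip, who, name))
            if int(row["Count"] or 0) > 1:   # Count: starts by multiple workstations
                findings.append(("upgrade-multiple-starts", ip, who, name))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE, upgrade_ips={"10.0.0.15"}):
        print(*finding, sep=" | ")
```
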