Viewing client connection logs

SDS for C&M clients generate a log every time they log on to SDS for C&M, indicating whether the connection succeeded or failed. Looking through these logs makes it possible to detect, for example, whether a user account is the target of a brute force attack.

These logs are deleted by default after 365 days.

Connection logs can be viewed on client workstations in the following file:

  • Installation for all users: C:\Program Files\Stormshield\Stormshield Data Security\accountConnectionLogs.json,
  • Installation for yourself: %localappdata%\Programs\Stormshield\Stormshield Data Security\accountConnectionLogs.json.

In the following example, the first login was attempted using the account user1@domain.com. The line "success": true means that the login was successful. The second attempt was carried out with the account user2@domain.com. The line "success": false means that the login failed.

{
  "accountConnections": [{
    "date": "2019-03-25T17:02:45Z",
    "email": "user1@domain.com",
    "success": true
  }, {
    "date": "2019-03-25T17:03:55Z",
    "email": "user2@domain.com",
    "success": false
  }]
}
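
The following added example (not from the Stormshield documentation) parses a file in the format above and reports accounts with repeated failed logins in a short window, marking bursts that end in a successful login. The function names, the threshold of 5 failures and the 5-minute window are assumptions, and the sample data is constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the accountConnectionLogs.json format (not real log data).
SAMPLE = json.dumps({"accountConnections":
    [{"date": "2019-03-25T17:02:45Z", "email": "user1@domain.com", "success": True}]
    + [{"date": f"2019-03-25T17:03:{s:02d}Z", "email": "user2@domain.com", "success": False}
       for s in (5, 15, 25, 35, 45, 55)]
    + [{"date": "2019-03-25T17:04:10Z", "email": "user2@domain.com", "success": True},
       {"date": "2019-03-26T09:00:00Z", "email": "user1@domain.com", "success": False}]})

def parse_date(value):
    # Log timestamps are UTC in the form 2019-03-25T17:02:45Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def find_failure_bursts(raw_json, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for accounts with >= threshold failed logins inside window.
    threshold/window are assumed defaults; followed_by_success marks a burst
    that ended in a successful login within window (possible guessed password)."""
    entries = [e for e in json.loads(raw_json).get("accountConnections", [])
               if e.keys() >= {"date", "email", "success"}]  # skip incomplete records
    entries.sort(key=lambda e: parse_date(e["date"]))
    recent = defaultdict(deque)  # email -> failure timestamps still inside the window
    open_alert, alerts = {}, []
    for e in entries:
        email, ts = e["email"].lower(), parse_date(e["date"])
        if e["success"]:
            alert = open_alert.pop(email, None)
            if alert and ts - alert["end"] <= window:
                alert["followed_by_success"] = True
            recent[email].clear()  # a success resets the failure streak
            continue
        q = recent[email]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) < threshold:
            open_alert.pop(email, None)
        elif email in open_alert:  # burst continues: extend the existing alert
            open_alert[email]["end"] = ts
            open_alert[email]["failures"] += 1
        else:
            alert = {"email": email, "start": q[0], "end": ts,
                     "failures": len(q), "followed_by_success": False}
            open_alert[email] = alert
            alerts.append(alert)
    return alerts
```

To run it against a workstation's log, pass the contents of accountConnectionLogs.json to find_failure_bursts in place of SAMPLE.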