Viewing client connection logs
SDS for C&M clients generate a log every time they log on to SDS for C&M, indicating whether the connection succeeded or failed. Looking through these logs makes it possible to detect, for example, whether a user account is the target of a brute force attack.
These logs are deleted by default after 365 days.
Connection logs can be viewed on client workstations in the following file:
- Installation for all users: C:\Program Files\Stormshield\Stormshield Data Security\accountConnectionLogs.json,
- Installation for yourself: %localappdata%\Programs\ Stormshield\Stormshield Data Security\accountConnectionLogs.json.
In the following example, the first login was attempted using the account user1domain.com. The line
"success": true means that the login was successful. The second attempt was carried out with the account user2domain.com. The line
"success": false means that the login failed.
"success": false },