Providing effective logging and instrumentation is important for the security and reliability of your application. Logs can be used to detect suspicious activity, which frequently provides early indications of an attack on the system. Failing to do so can leave your application vulnerable to repudiation threats, where users deny their actions. Log files may also be required to prove wrongdoing in legal proceedings. Auditing is generally considered most authoritative if the log information is generated at the precise time of resource access, and by the same routine that accesses the resource.
Logging and auditing can be provided by multiple components in an enterprise implementation including:
- Esri components
- Web server
- Operating system
- Relational database
Consider the following ArcGIS specific logging strategies:
- Adjust ArcGIS Server’s logging level to your auditing needs
- When ArcGIS Server Security is turn on, the user who submitted each request is logged
- Esri’s GeoDatabase History may be utilized for tracking changes over time
- Esri’s Job Tracking for ArcGIS can be utilized to perform historical tracking of geospatial data edits across the enterprise
- Each edit to a record in the geodatabase, and the information describing that edit, makes up a single transaction
- Transactions recorded in OGC GML for interoperability
Consider the following general best practices for your logging strategy:
- Audit user management events
- Centralize logging and instrumentation
- Audit unusual activities
- Audit business-critical operations
- Create secure log file management policies, such as restricting the access to log files, allowing only write access to users, etc.
- Do not store sensitive information in the log or audit files
- Audit database access by role
- Associate auditing events based on DML
- Insert, Update, Delete
- Associate auditing events based on DML
- Audit Trail stored in database as object