AuditLog table does not show successful login attempts


Article ID: 189270


Updated On:


Data Loss Prevention Endpoint Prevent


You are monitoring activity in the DLP database's AUDITLOG table via third-party data analysis tools.
You notice that, since upgrading to 15.5.x, successful Kerberos logins to the console are no longer captured in the AUDITLOG table.


Release: 15.5.x, Kerberos login


Missing entries in the springSecurityContext.xml file.


First, if you are on 15.5 GA, apply 15.5 MP2.


1. Make a backup copy of:

\Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\tomcat\webapps\ProtectManager\WEB-INF\springSecurityContext.xml

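2. Edit springSecurityContext.xml to add these missing items:

Add the two missing authentication handler attributes (authentication-failure-handler-ref and authentication-success-handler-ref) at the end of the existing form-login line. The line below is shown with both attributes included: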

<security:form-login authentication-failure-url="/GlobalDialog?type=LOGON_ERROR" default-target-url="/" login-page="/Logon" login-processing-url="/j_security_check" password-parameter="j_password" username-parameter="j_username" authentication-failure-handler-ref="authFailureHandler" authentication-success-handler-ref="authSuccessHandler"/>

Add these lines below the "</security:authentication-manager>" token:

<bean id="authSuccessHandler" class=""/>
<bean id="authFailureHandler" class="">
    <property name="defaultFailureUrl" value="/GlobalDialog?type=LOGON_ERROR"/>
</bean>

Restart the SymantecDLPManager service. Auditing of successful and unsuccessful form-based login attempts should now work correctly.
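
To confirm the edit, or to check after a later upgrade that the handlers are still wired, the following added example (not vendor code) parses a copy of springSecurityContext.xml and reports any handler attribute or bean that is missing. The namespace URIs and class names in the embedded samples are constructed placeholders, and treating an empty class attribute as incomplete is an assumption of this check.

```python
import sys
import xml.etree.ElementTree as ET

# The two attributes the article adds to <security:form-login>.
HANDLER_ATTRS = ("authentication-success-handler-ref",
                 "authentication-failure-handler-ref")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]

def check_login_auditing(xml_text):
    """Return a list of problems; an empty list means both handlers are wired."""
    root = ET.fromstring(xml_text)
    beans = {el.get("id"): el for el in root.iter()
             if local(el.tag) == "bean" and el.get("id")}
    form_logins = [el for el in root.iter() if local(el.tag) == "form-login"]
    problems = [] if form_logins else ["no form-login element found"]
    for form_login in form_logins:
        for attr in HANDLER_ATTRS:
            ref = form_login.get(attr)
            if ref is None:
                problems.append(f"form-login lacks {attr}")
            elif ref not in beans:
                problems.append(f"{attr} references undefined bean '{ref}'")
            elif not beans[ref].get("class"):
                problems.append(f"bean '{ref}' has no class")
    return problems

# Constructed samples (not the product's real file); class names are placeholders.
NS = ('xmlns="http://www.springframework.org/schema/beans" '
      'xmlns:security="http://www.springframework.org/schema/security"')
BEFORE = f"""<beans {NS}><security:http>
  <security:form-login login-page="/Logon" login-processing-url="/j_security_check"/>
</security:http></beans>"""
AFTER = f"""<beans {NS}><security:http>
  <security:form-login login-page="/Logon" login-processing-url="/j_security_check"
      authentication-failure-handler-ref="authFailureHandler"
      authentication-success-handler-ref="authSuccessHandler"/>
</security:http>
<bean id="authSuccessHandler" class="placeholder.SuccessHandler"/>
<bean id="authFailureHandler" class="placeholder.FailureHandler">
  <property name="defaultFailureUrl" value="/GlobalDialog?type=LOGON_ERROR"/>
</bean></beans>"""

if __name__ == "__main__":
    # Pass the path of a copy of springSecurityContext.xml, or run with no argument.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else AFTER
    for problem in check_login_auditing(text) or ["login audit handlers are wired"]:
        print(problem)
```

Run it against the backup copy and the edited file; the edited file should report no problems before you restart the service.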