Blog

Managed File Transfer and Network Solutions

How To Get An Email Each Time An Admin Account Logs In To Your Server

Posted by John Carl Villanueva on Tue, Feb 24, 2015 @ 03:42 AM


Overview

A compromised file transfer server admin user account is always a huge problem. In the hands of a person with malicious intentions, a user account with administrative privileges can turn into a massive data breach. Thus, there may be cases when you'll want to be notified whenever an admin gains access to your system. If the login looks suspicious, you'll still have time to take appropriate action. In this post, I'll show you how to configure JSCAPE MFT Server so that it can automatically send an email to anyone who needs to know each time an admin logs in. 

how_to_get_an_email_each_time_an_admin_account_logs_in_to_your_server


What we're trying to do

email-notification-upon-admin-login-1 

 

1. Create a trigger with the Administrator Login event type

Just like in all our posts on automated file transfer, we'll be using triggers for this task. 

JSCAPE MFT Server has a built in trigger event type that fires each time an admin logs in. It's aptly called the Administrator Login event type. Create a new trigger, give it a name (e.g. "Email notification in response to admin login"), and then select Administrator Login from the drop-down list. Click Next to proceed.

 

01-email-notification-each-time-admin-logs-in

 

Of course, most (if not all) of the admin logins you'll encounter won't be of the malicious kind. So getting notifications for every single login can become quite annoying. If you want to filter out those logins that you're 100% sure are totally legit, you can write some filters in the Trigger Conditions dialog. For instance you can exempt logins if they: originated from a particular IP, were performed by a particular user account, were carried out at a particular time, and so on. You can view a list of the allowed parameters by clicking the Variables button. 

For now, let's just leave this box blank. Click Next to proceed.

 

02-email-notification-in-response-admin-login

 

2. Add the Send Email trigger action

Add a new trigger action, expand the drop-down list, and select the Send Email trigger action. Click OK to proceed.

 

03-email-notification-in-response-admin-login

 

3. Add pertinent information to the email body using variables

Enter all the necessary parameters for sending that email notification, including the hostname of your SMTP server, the port number, connection type, etc.

Once you get to the Body, enter all the necessary information that will help you determine whether a particular login is legit or not. In the example below, I used the following variables (just click the Add Variable button to see the complete list):

  • %AdministratorUsername%
  • %AdministratorName%
  • %ClientHost% - this is the IP address of the cllient machine used by the admin account during login
  • %Month%, %DayOfMonth%, %Year%
  • %Hour%, %Minute%, %Second%
  • %ServerHost% - this is the IP address of the server

Click OK to proceed. 

 

04-email-notification-in-response-admin-login

 

Don't forget to finalise your trigger creation process by clicking the Apply button as soon as you get back to the main screen.

Here's an example of the email that was received containing the details we added earlier.

 

05-email-notification-in-response-admin-login

 


Get started

Want to try this out? Download a free, fully-functional evaluation edition of JSCAPE MFT Server now.

 

Download Now

 

Liked this article? Perhaps you'd want to read these too:

How To Send Large Files Through Email

Guide To HIPAA Compliant File Transfers

OFTP (Odette File Transfer Protocol) - Simplified



We'd love to engage with you on social media. Do connect with us ...

 

Topics: JSCAPE MFT Server, Managed File Transfer, Secure File Transfer, Triggers