How To Get An Email Each Time An Admin Account Logs In To Your Server

A file transfer server admin? Learn how to get notified via email if someone with admin privileges logs into your server.

Overview

A compromised file transfer server admin user account is always a huge problem. In the hands of a person with malicious intentions, a user account with administrative privileges can turn into a massive data breach. Thus, there may be cases when you'll want to be notified whenever an admin gains access to your system. If the login looks suspicious, you'll still have time to take appropriate action. In this post, I'll show you how to configure JSCAPE MFT Server so that it can automatically send an email to anyone who needs to know each time an admin logs in.

What we're trying to do

[Figure: email notification upon admin login]

1. Create a trigger with the Administrator Login event type

Just like in all our posts on automated file transfer, we'll be using triggers for this task.

JSCAPE MFT Server has a built-in trigger event type that fires each time an admin logs in. It's aptly called the Administrator Login event type. Create a new trigger, give it a name (e.g. "Email notification in response to admin login"), and then select Administrator Login from the drop-down list. Click Next to proceed.

Of course, most (if not all) of the admin logins you'll encounter won't be of the malicious kind, so getting a notification for every single login can become quite annoying. If you want to filter out the logins that you're 100% sure are legitimate, you can write some filters in the Trigger Conditions dialog. For instance, you can exempt logins that originated from a particular IP, were performed by a particular user account, were carried out at a particular time, and so on. You can view a list of the allowed parameters by clicking the Variables button.

For now, let's just leave this box blank. Click Next to proceed.

2. Add the Send Email trigger action

Add a new trigger action, expand the drop-down list, and select the Send Email trigger action. Click OK to proceed.

3. Add pertinent information to the email body using variables

Enter all the necessary parameters for sending that email notification, including the hostname of your SMTP server, the port number, connection type, etc.

Once you get to the Body, enter all the necessary information that will help you determine whether a particular login is legit or not. In the example below, I used the following variables (just click the Add Variable button to see the complete list):

  • %AdministratorUsername%
  • %AdministratorName%
  • %ClientHost% - this is the IP address of the client machine used by the admin account during login
  • %Month%, %DayOfMonth%, %Year%
  • %Hour%, %Minute%, %Second%
  • %ServerHost% - this is the IP address of the server

Click OK to proceed.

Don't forget to finalise your trigger creation process by clicking the Apply button as soon as you get back to the main screen.

Here's an example of the email that was received containing the details we added earlier.

[Screenshot: the notification email received after an admin login]
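The same criteria mentioned in step 1 (source IP, user account, time of day) can also be applied by whoever receives the notification. The script below is an added example, not part of the original post and not JSCAPE code: the body layout, the policy values and the function name `triage` are assumptions, and only the %Variable% names come from the article. It also assumes the date and time variables render as numbers.

```python
import ipaddress
import re
from datetime import datetime, time

# Assumed body typed into the Send Email action (layout is constructed; only
# the %Variable% names come from the article; date fields assumed numeric):
#   Admin: %AdministratorUsername% (%AdministratorName%)
#   Client: %ClientHost%
#   Server: %ServerHost%
#   When: %Month%/%DayOfMonth%/%Year% %Hour%:%Minute%:%Second%
BODY_RE = re.compile(
    r"Admin:\s*(?P<user>\S+)\s*\((?P<name>[^)]*)\)\s*"
    r"Client:\s*(?P<client>\S+)\s*Server:\s*(?P<server>\S+)\s*"
    r"When:\s*(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2})")

# Hypothetical policy values; replace with your own.
EXPECTED_ADMINS = {"jsmith"}
EXPECTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
WORK_HOURS = (time(7, 0), time(19, 0))

# Constructed sample notification bodies (not real logins).
SAMPLE_OK = ("Admin: jsmith (John Smith)\nClient: 10.20.4.17\n"
             "Server: 10.20.0.5\nWhen: 3/14/2024 9:02:11\n")
SAMPLE_ODD = ("Admin: admin2 (Backup Admin)\nClient: 203.0.113.44\n"
              "Server: 10.20.0.5\nWhen: 3/15/2024 2:47:30\n")


def triage(body):
    """Return the reasons (possibly none) a login deserves a closer look."""
    m = BODY_RE.search(body)
    if m is None:
        # Fail closed: a notification we cannot read is itself worth a look.
        return ["unparseable notification"]
    reasons = []
    if m["user"] not in EXPECTED_ADMINS:
        reasons.append("unexpected admin account: " + m["user"])
    try:
        addr = ipaddress.ip_address(m["client"])
        if not any(addr in net for net in EXPECTED_NETWORKS):
            reasons.append("client outside expected networks: " + m["client"])
    except ValueError:
        reasons.append("client is not an IP address: " + m["client"])
    try:
        when = datetime.strptime(m["when"], "%m/%d/%Y %H:%M:%S")
        if not WORK_HOURS[0] <= when.time() <= WORK_HOURS[1]:
            reasons.append("outside working hours: " + m["when"])
    except ValueError:
        reasons.append("bad timestamp: " + m["when"])
    return reasons
```

`triage(SAMPLE_OK)` returns an empty list, while `triage(SAMPLE_ODD)` returns three reasons, one per criterion.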

Get started

Want to try this out? Download a free, fully-functional evaluation edition of JSCAPE MFT Server now.
