As an administrator, you should regularly review the eCommerce Audit Log. This is vital to keeping your site secure and,if data is compromised, the log helps you determine the source .
While it is important that Ektron CMS400.NET captures this information, it is even more important that you review, analyze and use it. For example, while reviewing the Audit Log, you might find that one eCommerce administrator has an unusually large number of login failures. This could indicate that someone is trying to break into your system.
You can view a log of your eCommerce activity in the Workarea > Settings >Commerce > Audit.
To turn eCommerce logging on, open the Web site’s web.config file and change the following key to true.
<add key="ek_ecom_ComplianceMode" value="false"/>
When compliance mode is turned on, Ektron CMS400.NET logs and displays the following events.
Note: To learn more about eCommerce compliance mode, see the eCommerce Implementation Guide for PCI DSS Compliance.
- Actions affecting administrators (Administrator Group member, Commerce Admin Role, Builtin Account).
- An administrator logs in or out
- An administrator's login attempt fails
- An administrator password is changed
- Actions affecting an Ektron CMS400.NET user’s rights to eCommerce.
- Adding a user to the Commerce Admin Role
- Removing a user from the Commerce Admin Role
- Adding a user to the Admin group
- Removing a user from the Admin group
- Actions affecting order information.
- Updates to an order's address
- The transaction ID and response from the payment gateway
- Any action conducted with the payment gateway. For example, when capturing a previously authorized transaction.
- Workflow activities. For example, sending an email.
- Whenever the default gateway or payment options are changed in the Workarea.
