Blackboard Learn contains logs dedicated to security based on industry best practices to facilitate security incident detection, investigation, and forensics. They include:

  • Standardized Log Format - pipe-delimited key-value pairs
  • Standardized Event Codes - clear event codes, categories, and names, encouraging the ability to set monitoring alerts through a third party log monitoring system.
  • Field Verbosity - logs minimally contain date and time of the event to the millisecond, user ID, event code, origin of the request, destination of the request, and the outcome of the event.
  • Accountability - user IDs, source IP Address, and browser user agent

Security log files

As of release SP 14, the Blackboard_Home/logs/bb-security-authentication-log.txt security log is deprecated.

Log Log Location Description
Authentication Log bb-authentication-log.txt Authentication events such as login, logout, authentication failure, session expiration, and usage of privileged command-line authentication tools.
Input Validation Filter Log bb-input-validation-filter-log.txt The Input Validation Filter acts as a first line of defense with configurable rules to protect Blackboard Learn. Entries in this log file indicate potential violations of specific security rules designed to protect Blackboard Learn.
Central Security Events Log bb-security-validation-log.txt Central security log part of a new Security Events Framework

Blackboard Learn also maintains a detailed log file within Tomcat that joins web traffic with the user ID.