Blackboard Learn maintains dedicated security logs, designed around industry best practices, to facilitate security incident detection, investigation, and forensics. They include:
- Standardized Log Format - pipe-delimited key-value pairs
- Standardized Event Codes - clear event codes, categories, and names that make it easier to set monitoring alerts through a third-party log monitoring system.
- Field Verbosity - at a minimum, logs contain the date and time of the event to the millisecond, user ID, event code, origin of the request, destination of the request, and the outcome of the event.
- Accountability - user IDs, source IP address, and browser user agent
Security log files
As of release SP 14, the Blackboard_Home/logs/bb-security-authentication-log.txt security log is deprecated.
| Log | Log Location | Description |
|---|---|---|
| Authentication Log | bb-authentication-log.txt | Authentication events such as login, logout, authentication failure, session expiration, and usage of privileged command-line authentication tools. |
| Input Validation Filter Log | bb-input-validation-filter-log.txt | The Input Validation Filter acts as a first line of defense with configurable rules to protect Blackboard Learn. Entries in this log file indicate potential violations of specific security rules designed to protect Blackboard Learn. |
| Central Security Events Log | bb-security-validation-log.txt | Central security log, part of a new Security Events Framework. |
Blackboard Learn also maintains a detailed log file within Tomcat that joins web traffic with the user ID.
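The following is an added example, not Blackboard code: a sketch of the kind of monitoring alert the standardized format allows, parsing pipe-delimited key-value records and flagging a source IP with repeated authentication failures in a short window. The key names (`timestamp`, `user_id`, `event_code`, `src_ip`, `dest`, `outcome`), the `=` separator, the `AUTH_FAIL`/`AUTH_OK` codes and the sample lines are assumptions constructed for illustration; substitute the keys and event codes from your own bb-authentication-log.txt.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. Key names, the "=" separator and the event codes
# are assumptions for illustration, not Blackboard Learn's documented schema.
# Values are assumed not to contain a literal "|".
SAMPLE_LOG = """\
timestamp=2024-03-01 09:15:02.101|user_id=jdoe|event_code=AUTH_FAIL|src_ip=203.0.113.7|dest=/webapps/login/|outcome=failure
timestamp=2024-03-01 09:15:10.450|user_id=jdoe|event_code=AUTH_FAIL|src_ip=203.0.113.7|dest=/webapps/login/|outcome=failure
timestamp=2024-03-01 09:15:11.000|user_id=asmith|event_code=AUTH_OK|src_ip=198.51.100.4|dest=/webapps/login/|outcome=success
timestamp=2024-03-01 09:15:20.007|user_id=admin|event_code=AUTH_FAIL|src_ip=203.0.113.7|dest=/webapps/login/|outcome=failure
timestamp=2024-03-01 09:20:00.000|user_id=asmith|event_code=AUTH_FAIL|src_ip=198.51.100.4|dest=/webapps/login/|outcome=failure
truncated record without separators
"""

def parse_line(line):
    """Split one pipe-delimited record into a dict; return None if malformed."""
    record = {}
    for field in line.strip().split("|"):
        key, sep, value = field.partition("=")
        if not sep or not key:
            return None  # reject partial lines rather than guess at fields
        record[key.strip()] = value.strip()
    try:
        record["timestamp"] = datetime.strptime(
            record["timestamp"], "%Y-%m-%d %H:%M:%S.%f")
    except (KeyError, ValueError):
        return None
    return record

def failed_login_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map src_ip -> time its failures first reached `threshold` within `window`."""
    recent = defaultdict(deque)  # per-IP sliding window of failure timestamps
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("event_code") != "AUTH_FAIL":
            continue
        times = recent[rec.get("src_ip", "unknown")]
        times.append(rec["timestamp"])
        while rec["timestamp"] - times[0] > window:
            times.popleft()  # drop failures that aged out of the window
        if len(times) >= threshold:
            alerts.setdefault(rec.get("src_ip", "unknown"), rec["timestamp"])
    return alerts

if __name__ == "__main__":
    for ip, when in failed_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ip}: repeated authentication failures by {when}")
```

Keying the window on source IP rather than user ID also surfaces failures spread across several accounts from one origin, as in the constructed sample.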