Blackboard Learn contains logs dedicated to security based on industry best practices to facilitate security incident detection, investigation, and forensics. They include:
- Standardized Log Format - pipe-delimited key-value pairs
- Standardized Event Codes - clear event codes, categories, and names, encouraging the ability to set monitoring alerts through a third party log monitoring system.
- Field Verbosity - logs minimally contain date and time of the event to the millisecond, user ID, event code, origin of the request, destination of the request, and the outcome of the event.
- Accountability - user IDs, source IP Address, and browser user agent
Security Log Files
|Authentication Log||bb-authentication-log.txt||Authentication events such as login, logout, authentication failure, session expiration, and usage of privileged command-line authentication tools.|
|Input Validation Filter Log||bb-input-validation-filter-log.txt||The Input Validation Filter acts as a first line of defense with configurable rules to protect Blackboard Learn. Entries in this log file indicate potential violations of specific security rules designed to protect Blackboard Learn.|
|Central Security Events Log||bb-security-validation-log.txt||Central security log part of a new Security Events Framework|
Blackboard Learn also maintains a detailed log file within Tomcat that joins web traffic with the user ID.