Logging of security events required by EU NIS2 Directives

As per the NIS2 requirements in EU/Hungary, we need to log and query the following security events on the server side. Is there an option to turn on/query these? If yes, how and where can we do that? If no, what steps are required to have this functionality?

User logins (successful and unsuccessful)

Unauthorized access attempts

System errors and warnings (server side)

Modification of user permissions (the modifications that the administrators make on users and groups)

  • Great question! The answer depends quite a bit on how your current M‑Files environment is set up. For example, are you running on M‑Files Cloud or a self‑hosted deployment? And what authentication method(s) are you using (M‑Files authentication, Active Directory, Entra ID, or some other OAuth‑based IdP)?

    Here are a few key points to consider:

    • Successful logins and user/group changes are recorded in the vault event log. A full list of logged events is available via the link.
    • The vault event log keeps the latest 10,000 entries by default. If you need full audit history, you can enable Advanced Event Log features in the vault, which requires the Advanced Content Control Module add-on.
    • With this add‑on, you can also automatically export logs using the Log Exporter module. This is useful if you want to feed logs into a SIEM or other monitoring systems.
    • Failed logins and other unauthorized access attempts may be logged by your identity provider (e.g., Entra ID).
    • System errors and warnings are typically recorded in the Windows Application log on the server.

    Hope this helps! If you need more specific guidance, it may be worth contacting your M‑Files representative.
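
For the server-side errors and warnings mentioned in the reply above, this is an added example (not part of the original thread and not M‑Files' own tooling) that pulls Error and Warning records from the Windows Application log and writes them as JSON lines for a SIEM agent to collect. The provider-name pattern and the output path are assumptions; check the Source column in Event Viewer for the actual provider name on your server.

```powershell
# Added example: export Error/Warning records from the Windows Application log
# as JSON lines. Run on the application server with rights to read the log.
param(
    [int]$HoursBack = 24,
    [string]$ProviderPattern = '*M-Files*',         # assumption: verify in Event Viewer
    [string]$OutFile = 'C:\Logs\app-errors.jsonl'   # placeholder path
)

$filter = @{
    LogName   = 'Application'
    Level     = 2, 3                                # 2 = Error, 3 = Warning
    StartTime = (Get-Date).AddHours(-$HoursBack)
}

# Get-WinEvent reports an error when no events match; treat that as an empty
# result so a quiet day does not fail a scheduled run.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like $ProviderPattern })

# Flatten each record to the fields a SIEM parser usually needs.
$records = foreach ($e in $events) {
    [pscustomobject]@{
        TimeUtc  = $e.TimeCreated.ToUniversalTime().ToString('o')
        Host     = $e.MachineName
        Provider = $e.ProviderName
        EventId  = $e.Id
        Level    = $e.LevelDisplayName
        Message  = $e.Message
    }
}

# Append one compact JSON object per line.
$outDir = Split-Path -Parent $OutFile
if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }
$records | ForEach-Object { $_ | ConvertTo-Json -Compress } |
    Add-Content -Path $OutFile -Encoding UTF8

# Summary for a quick manual review: count per provider and level.
$records | Group-Object Provider, Level |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the script runs on a schedule, set `-HoursBack` to match the interval so consecutive runs do not append the same events twice.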
