Someone tried to use my enterprise user name to log in to the BO prod CMC, since I belong to the administrators group.
My account was disabled as a result of the above after 3 unsuccessful attempts.
I’d like to find out the IP address of the PC from which this was tried. I was looking at the audit reports. One report does provide “IP address of comps accessing my cluster”, but this will not help in my scenario.
Do you have the Tomcat/WL/IIS web server access logs of the machine that hosts your CMC application? If you do, then you can find out perhaps via the Auditing database when the Administrator user was disabled/modified and then trace that time back to your web server access log timestamp for the CMC machine.
Please search Google on how to enable IP logging on the Tomcat app server. You just need to change a few lines in Tomcat’s XML files, and a restart should start logging things.
This is a simplistic solution, and should work fine if it is a single-node Tomcat (simplified environment).
You might want to look around for more robust solutions, if you are trying to address a serious business case.
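The correlation suggested in the replies above, as an added example that is not part of the original thread: given the time the account was disabled (taken from the auditing database), it counts logon POSTs per client IP in the minutes before that time. It assumes the access log uses Tomcat's `common` pattern (`%h %l %u %t "%r" %s %b`); the `/BOE/CMC` path prefix, the sample lines and the timestamps are constructed placeholders.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def candidates(lines, disabled_at, path_prefix, window=timedelta(minutes=5)):
    """Count POSTs per client IP to path_prefix in the window before disabled_at.

    disabled_at must be timezone-aware: the audit database and the web server
    often record time in different zones, and aware datetimes compare correctly.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the common format (e.g. truncated line)
        if m["method"] != "POST" or not m["path"].startswith(path_prefix):
            continue  # only form submissions to the application of interest
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if disabled_at - window <= ts <= disabled_at:
            hits[m["host"]] += 1
    return hits.most_common()

# Constructed sample: web server logs in +0200, audit time given in UTC.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:09:58:02 +0200] "GET /BOE/CMC/ HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Mar/2024:10:01:11 +0200] "POST /BOE/CMC/logon HTTP/1.1" 200 812',
    '198.51.100.23 - - [12/Mar/2024:10:01:25 +0200] "POST /BOE/CMC/logon HTTP/1.1" 200 812',
    '198.51.100.23 - - [12/Mar/2024:10:01:40 +0200] "POST /BOE/CMC/logon HTTP/1.1" 200 812',
    '192.0.2.10 - - [12/Mar/2024:10:30:00 +0200] "POST /BOE/CMC/logon HTTP/1.1" 200 640',
    'truncated line without a request',
]
DISABLED_AT = datetime(2024, 3, 12, 8, 1, 45, tzinfo=timezone.utc)  # 10:01:45 +0200

if __name__ == "__main__":
    for ip, count in candidates(SAMPLE, DISABLED_AT, "/BOE/CMC"):
        print(ip, count)
```

If the application sits behind a proxy or load balancer, `%h` is the proxy's address, so the same matching has to be done on the proxy's own log or on a forwarded-client field.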