As an administrator, you should regularly review the eCommerce Audit log. This is vital to keeping your site secure and will help you determine the source when data is compromised.
While it is important that Ektron CMS400.NET captures this information, it is even more important that you review, analyze and use it. For example, while reviewing eCommerce event logs in Ektron CMS400.NET, you might find that one of your eCommerce administrators has an unusually large amount of login failures. This could be a sign someone is trying to break into your system.
You can view a log of your CMS400.NET Web site's eCommerce activity in the Workarea > Settings >Commerce >Audit.
To turn eCommerce Logging on, open the Web site’s web.config file and change the following key to true.
<add key="ek_ecom_ComplianceMode" value="false"/>
When compliance mode is turned on, Ektron CMS400.NET logs and displays the following events.
- Actions affecting administrators (Administrator Group member, Commerce Admin Role, Builtin Account).
- An administrator logs in or out
- An administrator's login attempt fails
- An administrator password is changed
- Actions affecting an Ektron CMS400.NET user’s rights to eCommerce.
- Adding a user to the Commerce Admin Role
- Removing a user from the Commerce Admin Role
- Adding a user to the Admin group
- Removing a user from the Admin group
- Actions affecting order information.
- Updates to an order's address
- The transaction ID and response from the payment gateway
- Any action conducted with the payment gateway. For example, when capturing a previously authorized transaction.
- Workflow activities. For example, sending an email.
- Whenever the default gateway or payment options are changed in the Workarea.
