Dell PowerVault TL2000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 93

Audit Points in the Encryption Key Manager, Audit Record Attributes, Authentication event

Get Dell PowerVault TL2000 PDF manuals and user guides View all Dell PowerVault TL2000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 93 highlights

bracket (]) indented two (2) spaces. The number of lines for each audit record varies based on the audit record type and the additional attribute information that is provided with the audit record. The timestamp for the audit records is based on the system clock of the system on which the Encryption Key Manager is running. If these records are to be correlated based on timestamp with events occurring on other systems, some type of time synchronization should be used to ensure that the clocks of the various systems in the environment are synchronized to an acceptable level of accuracy. Audit Points in the Encryption Key Manager The Encryption Key Manager can write audit records, based on configuration, for many events that occur during the processing of requests. In this section, the set of events that can be audited is described along with the audit record configuration category, which must be enabled in order for these audit records to be written to the audit files (see Table 7-1). Table 7-1. Audit record types that the Encryption Key Manager writes to audit files Audit Record Type Authentication Data Synchronization Runtime Resource Management Configuration Management Audit Type authentication data_synchronization runtime resource_management configuration_management Description Used to log authentication events Used to log data synchronization processing Used to log various important processing events which occur within the Encryption Key Manager server while handling requests Used to log changes to how resources are configured to the Encryption Key Manager Used to log changes to the configuration of the Encryption Key Manager server Audit Record Attributes The following lists show the attributes available to each of the audit record types. Authentication event The format for these records is: Authentication event:[ timestamp=timestamp event source=source outcome=outcome event type=SECURITY_AUTHN message=message authentication type=type users=users ] Note that the message value only appears if information for it is available. Chapter 7. Audit Records 7-5

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
bracket (]) indented two (2) spaces. The number of lines for each audit record
varies based on the audit record type and the additional attribute information that
is provided with the audit record.
The timestamp for the audit records is based on the system clock of the system on
which the Encryption Key Manager is running. If these records are to be correlated
based on timestamp with events occurring on other systems, some type of time
synchronization should be used to ensure that the clocks of the various systems in
the environment are synchronized to an acceptable level of accuracy.
Audit Points in the Encryption Key Manager
The Encryption Key Manager can write audit records, based on configuration, for
many events that occur during the processing of requests. In this section, the set of
events that can be audited is described along with the audit record configuration
category, which must be enabled in order for these audit records to be written to
the audit files (see Table 7-1).
Table 7-1. Audit record types that the Encryption Key Manager writes to audit files
Audit Record
Type
Audit Type
Description
Authentication
authentication
Used to log authentication events
Data
Synchronization
data_synchronization
Used to log data synchronization
processing
Runtime
runtime
Used to log various important
processing events which occur within
the Encryption Key Manager server
while handling requests
Resource
Management
resource_management
Used to log changes to how resources
are configured to the Encryption Key
Manager
Configuration
Management
configuration_management
Used to log changes to the
configuration of the Encryption Key
Manager server
Audit Record Attributes
The following lists show the attributes available to each of the audit record types.
Authentication event
The format for these records is:
Authentication event:[
timestamp=
timestamp
event source=
source
outcome=
outcome
event type=SECURITY_AUTHN
message=
message
authentication type=
type
users=
users
]
Note that the
message
value only appears if information for it is available.
Chapter 7. Audit Records
7-5