Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 89


Chapter 7. Audit Records
Note:
The audit record formats described in this chapter are not considered to be
programming interfaces. The format of these records may change from
release to release. The format is documented in this chapter in case some
parsing of the audit records is desired.
Audit Overview
The audit subsystem writes textual audit records to a set of sequential files as
various auditable events occur during the Encryption Key Manager’s processing of
requests. The audit subsystem writes to a file whose directory and file name are
configurable. The size of these files is also configurable. When the file reaches
the configured size as records are written to it, the file is closed and renamed
based on the current timestamp, and a new file is opened to receive subsequent
records. The overall log of audit records is thus separated into files of a
configurable size, their names sequenced by the timestamp of when each file
exceeded that size.
To keep the overall audit log (spanning all of the sequential files created) from
growing too large and exceeding the space available in the filesystem, consider
creating a script or program to monitor the set of files in the configured audit
directory/folder/container. As files are closed and named based on the timestamp,
each file’s contents should be copied and appended to the desired long-term,
continuous log location and then cleared. Be careful not to remove or alter the
file to which the Encryption Key Manager is currently writing records while it is
running (this file does not have a timestamp in its file name).
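
The monitoring script suggested above, as an added example that is not part of the Dell manual. It assumes rotated files keep the active file's name stem as a prefix and implements "cleared" as deletion after a durable append; the paths and the file name `kms_audit.log` are placeholders for the configured values.

```python
import hashlib
import os
from pathlib import Path


def archive_closed_audit_files(audit_dir, active_name, archive_path):
    """Append every closed audit file to archive_path, then delete it.

    Returns a list of (file name, byte count, SHA-256 hex) for the files moved.
    The file named active_name is never opened, altered or removed.
    """
    audit_dir = Path(audit_dir)
    archive_path = Path(archive_path)
    stem = Path(active_name).stem
    closed = [
        p for p in audit_dir.iterdir()
        if p.is_file()
        and p.name != active_name          # the file EKM is still writing to
        and p.name.startswith(stem)        # assumed: rotated names keep the stem
        and p.resolve() != archive_path.resolve()
    ]
    # Oldest first, so the long-term log stays in chronological order.
    closed.sort(key=lambda p: (p.stat().st_mtime_ns, p.name))

    moved = []
    with open(archive_path, "ab") as archive:
        for path in closed:
            data = path.read_bytes()
            archive.write(data)
            if data and not data.endswith(b"\n"):
                archive.write(b"\n")       # keep records line-aligned
            archive.flush()
            os.fsync(archive.fileno())     # durable before the source is removed
            path.unlink()                  # "cleared" implemented as deletion
            moved.append((path.name, len(data), hashlib.sha256(data).hexdigest()))
    return moved


if __name__ == "__main__":
    # Placeholder paths; substitute the configured audit directory and file name.
    for name, size, digest in archive_closed_audit_files(
            "/var/ekm/audit", "kms_audit.log", "/var/log/ekm/audit_archive.log"):
        print(f"{digest}  {size:>10}  {name}")
```

Recording the returned digests alongside the long-term log gives a later check that archived records were not altered after collection.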
Audit Configuration Parameters
The following parameters are used in the Encryption Key Manager’s configuration
file to control which events are logged in the audit log, where the audit log files
are written to, and the maximum size of the audit log files.
Audit.event.types
Syntax
Audit.event.types={type[;type]}
Usage
Used to specify which audit types should be sent to the audit log. Possible values
for this configuration parameter are:
all                    All event types
authentication         Authentication events
data_synchronization   Events that occur during synchronization of information
                       between Encryption Key Manager servers
runtime                Events that occur as a part of processing operations and
                       requests sent to the Encryption Key Manager