HP XP20000/XP24000 HP StorageWorks XP24000/XP20000 Audit Log Reference Guide ( - Page 12
Introduction, Purpose of Audit Logs
View all HP XP20000/XP24000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 12 highlights
1 Introduction This chapter introduces the audit logs created by the HP StorageWorks XP Remote Web Console computer or SVP (Service Processor) on the storage system. The SVP is a computer that is contained within the storage system. Users can access the audit logs that are output by the SVP, but the SVP is accessible only by HP personnel. This chapter includes the following sections: • "Purpose of Audit Logs" (page 12) • "Download the Audit Log Information Files to the Remote Web Console Computer" (page 13) • "Download the Syslog Information File to the Remote Web Console Computer" (page 13) • "Transferring the Audit Log Files to Syslog Servers" (page 15) • "Transferring the Audit Log Files to Syslog Servers" (page 15) • "Storing Audit Logs" (page 17) • "Audit Log File Description" (page 18) The term storage system in this guide refers to the following disk arrays: • HP StorageWorks XP24000 Disk Array • HP StorageWorks XP20000 Disk Array The GUI illustrations in this guide were created using a Windows computer with the Internet Explorer browser. Actual windows may differ depending on the operating system and browser used. GUI contents also vary with licensed program products, storage system models, and firmware versions. Purpose of Audit Logs The audit log is an important tool you can use to keep track of operations, to monitor security, to investigate the cause of errors, and to avoid potential errors. Audit log files store a history of the following: • Operations performed from the Remote Web Console computer, SVP, and commands. • Commands that the storage system received from the host. • Operations about Disk Encryption Key for data encryption. The history may not be output in order of a time series. This history includes the user, the time of the operation, the name of the operation, any parameters set, and the end result (normal completion or error message). Each audit log file ends with a serial number, from 0,000,000,000 to 4,294,967,295. When the number reaches 4,294,967,295, it resets and starts over at 0,000,000,000. There are two types of audit log files: • Audit Log Information File: Consists of basic and detailed information about settings made for each operation. Items common to each audit log will appear as basic information. See "Audit Log Information File" (page 20) and "Information Output in the Audit Log Information File" (page 27) for details about the audit log information file. • Syslog Information File: Consists of information released to both the syslog and audit log information file and information released only to the syslog information file. See "Syslog Information File" (page 22) for more information about the syslog information file. This file contains the audit log. You can download it to your Remote Web Console computer or to a primary or secondary syslog server. 12 Introduction