Chapter 7. Audit Records
Note: The audit record formats described in this chapter are not considered to be
programming interfaces. The format of these records may change from
release to release. The format is documented in this chapter in case some
parsing of the audit records is desired.
Audit Overview
The audit subsystem writes textual audit records to a set of sequential files as
various auditable events occur during the Encryption Key Manager’s processing of
requests. The audit subsystem writes to a file (directory and file name are
configurable). The file size of these files is also configurable. As records are written
to the file, and the size of the file reaches the configurable size, then the file is
closed, renamed based on the current timestamp, and another file is opened and
records are written to the newly created file. The overall log of audit records is
thus separated into configurable sized files, their names sequenced by the
timestamp of when the size of the file exceeds the configurable size.
To keep the amount of information in the overall audit log (spanning all of the
sequential files created) from growing too large and exceeding the space available
in the filesystem, you might consider creating a script or program to monitor the
set of files in the configured audit directory/folder/container. As files are closed
and named based on the timestamp, the file’s contents should be copied and
appended to the desired long-term, continuous log location and then cleared. Be
careful not to remove or alter the file which is having records written to it by the
Encryption Key Manager while running (this file does not have a timestamp in the
file name).
Audit Configuration Parameters
The following parameters are used in the Encryption Key Manager’s configuration
file to control which events are logged in the audit log, where the audit log files
are written to, and the maximum size of the audit log files.
Audit.event.types
Syntax
Audit.event.types={type[;type]}
Usage
Used to specify which audit types should be sent to the audit log. Possible values
for configuration parameter are:
all All event types
authentication Authentication events
data_synchronization Events that occur during synchronization of information
between Encryption Key Manager servers
runtime Events that occur as a part of processing operations and
requests sent to the Encryption Key Manager
7-1
To Next Page
Loading...
Need help?
General